Sparing  rookie  IT  managers  from  mistakes. 


Radio-frequency  tagging  cuts  costs,  adds  controls. 
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IBM  LICENSE  HARD 
TO  ADOPT:  USERS 

Workload-based  model 
cumbersome,  they  say 

BY  JAIKUMAR  VIJAYAN 

Eighteen  months  after  IBM  in¬ 
troduced  a  new  licensing  mod¬ 
el  aimed  at  reducing  main¬ 
frame  software  costs,  some 
users  and  analysts  say  moving 
to  it  may  be  more  of  a  chal¬ 
lenge  and  less  beneficial  in  the 
short  term  than  some  might 
have  previously  anticipated. 

That’s  because  companies 
that  hope  to  lower  mainframe 
costs  by  moving  to  IBM’s 
Workload  License  Charges 
need  to  do  extensive  software 


AT  A  GLANCE 


With  Workload  License 
Charges,  users  can: 

PAY  for  software  based  on  workload  ca¬ 
pacity  requirements,  which  may  not  neces¬ 
sarily  be  the  full  capacity  of  the  machine 

ADD  hardware  capacity  for  new  workloads 
and  not  have  software  charges  increase  for 
existing  workloads 

BUY  reserve  hardware  capacity  for  future 
growth  with  no  increase  in  software  prices 

MANAGE  sudden  spikes  in  workload  with¬ 
out  having  to  pay  extra  software  fees 

SOURCE:  IBM 

capacity  planning  and  asset 
management  beforehand  if 
they  want  to  see  any  benefits, 
they  said. 

“Making  the  decision  to 
move  to  WLC  is  not  a  trivial 
task,  but  one  that  requires 
an  understanding  of  workload 
IBM  License,  page  61 


BILL  CROWELL,  CEO 
of  Cylink  and  former 
deputy  director  of  the 
NSA:  “Clearly,  the 
vulnerabilities  of  the 
nation  to  cyberattack 
are  growing.” 
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USERS  CAUGHT  IN 
MIDDLE  OF  VAN  SPAT 


Customers  seek  work-arounds  after  rival 
value-added  networks  drop  online  links 


BY  MICHAEL  MEEHAN 

A  nasty  spitting  match  be¬ 
tween  rival  e-commerce  value- 
added  networks  has 
corporate  users 
crying  foul  and 
worrying  about  the 
long-term  status  of 
their  online  links  to  supply 
chain  partners. 

Dublin,  Ohio-based  Sterling 
Commerce  Inc.  last  week  con¬ 
firmed  that  it  plans  to  ter¬ 


minate  its  VAN  interconnect 
with  New  York-based  Internet 
Commerce  Corp.,  effective  to¬ 
day.  Sterling’s  move 
follows  a  decision 
in  September  by 
market  leader  GE 
Global  Exchange 
Services  Inc.  to  disconnect  its 
VAN  from  the  one  run  by  ICC. 

Users  need  interconnects 
between  different  e-commerce 
networks  to  process  business 


transactions  via  electronic 
data  interchange  transmis¬ 
sions  with  suppliers  and  cus¬ 
tomers  that  subscribe  to  other 
VANs.  ICC  said  its  network  has 
more  than  1,000  users. 

Neither  Sterling  nor  Gaith¬ 
ersburg,  Md.-based  GXS  has 
said  why  it  cut  off  ICC.  GXS 
said  only  that  it  acted  for  “busi¬ 
ness  reasons,”  while  Sterling 
declined  to  comment. 

For  now,  ICC  customers  can 
get  around  the  disconnects  by 
having  their  EDI  traffic  routed 
to  Sterling  and  GXS  users 
through  intermediary  links. 
Charlie  Townsend,  chief  tech¬ 
nology  officer  at  New  York- 
based  Randa  Corp.,  said  the 
men’s  neckwear  maker  will  be 
able  to  send  data  to  business 
partners  on  Sterling’s  network 
via  IBM’s  VAN  at  no  extra  cost, 
with  ICC  picking  up  the  tab. 

VAN  Spat,  page  16 


VOIP  HOT,  BUT 
USERS  SWEAT 

Voice  over  IP  projects 
take  toll  on  resources 

BY  MICHAEL  MEEHAN 

Voice  over  IP  is  one  of  the 
hottest  technologies  around, 
but  users  caution  that  anyone 
attempting  a  VOIP  project 
needs  a  lot  of  bandwidth  and 
an  equal  amount  of  patience. 

IT  managers  involved  in 
VOIP  efforts  said  they  face  a 
daunting  task:  making  sure 
that  voice  packets,  which  must 
be  given  priority  on  networks 
for  reasons  of  sound  quality, 
don’t  gum  up  their  data  feeds. 
“You’ve  got  to  beef  up  the 
VOIP,  page  16 


CYBERTERRORISM: 


Cyberterrorism  may  not  be  an  immediate 
threat  to  U.S.  businesses,  but  the  govern¬ 
ment  recently  decreed  that  critical  sectors 
such  as  banking,  communications  and 
the  water  supply  should  be  on  high  alert. 
In  exclusive  interviews,  former  CIA  and 
NSA  security  experts  offer  advice  on 
steps  the  public  and  private  sectors 
should  take  to  prevent  cyberattacks. 

Story  begins  on  page  30. 
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Microsoft  and  NetlQ  make  it  easier  to  manage  your  entire  Windows 
Server  environment.  You’ve  got  servers  running  Windows®  2000  here, 
servers  running  Windows  NT®  in  the  next  building,  and  a  mix  of  platforms 
running  in  your  plants  overseas.  Managing  a  global-class  enterprise  sure 
means  a  lot  of  running. 

Which  is  why  Microsoft  and  NetlQ  teamed  up  to  deliver  a  way  to  manage 


your  entire  Windows  Server  environment  from  one  very  convenient  place:  youi 
desk.  It  starts  with  Microsoft®  Operations  Manager  2000,  the  most  effective 
way  to  manage  all  your  Windows  2000-based  servers  and  applications,  from 
proactive  alerting  to  performance  monitoring  to  event  collection  and  reporting 
By  adding  NetlQ  Extended  Management  Pack  modules,  you  can  also 
monitor  Windows  NT  4.0  as  well  as  other  Microsoft  servers;  mission-critical 
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applications  like  Oracle  RDBMS  and  Lotus  Domino;  and  large-scale  enterprise 
platforms  like  UNIX  and  NetWare.  All  from  one  centralized  console. 

Which  means  that  you  spend  a  lot  less  time  running  around  your 
enterprise,  and  a  lot  more  time  simply  and  effectively  managing  it.  Get  a 
head  start  on  reducing  your  management  burden  with  a  visit  to  netiq.com 
./manageability  today.  Software  for  the  Agile  Business. 
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SOMEDAY 

TOMORROW. 

EVENTUALLY 

THREE  OF  THE  WORST  TIMES  TO  START  PLANNING 
YOUR  BUSINESS  CONTINUANCE. 


Business  Continuity  Solutions 

Nothing  gives  you  more  peace  of  mind  than  knowing  your 
business  is  already  prepared  to  handle  anything.  To  find  out  how 
ready  you  are  for  the  future,  take  our  Vulnerability  Assessment 
Test  today.  It's  the  quickest  way  to  put  your  mind  at  ease. 
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COMMON  SENSE  IN  A  DATABASE 

Artificial  intelligence  pioneer  Doug  Lenat  (left) 
has  been  working  for  17  years  to  codify  every¬ 
thing  a  human  knows.  Now  the  public  can  add  to 
the  database.  PAGE  49 


SECURITY  SENTINELS 

Three  women  —  Dorothy 
Denning,  Raemarie  Schmidt  and 
Martha  Stansell-Gamm  (left)  — 
have  weathered  political  battles 
and  conquered  other  problems  to 
help  shape  IT  security  policies 
used  throughout  the  private  and 
public  sectors.  PAGE  34 
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COMPIflERWORLDTH  IS  WEEK 


NEWS  6 

6  With  so  few  early  adopters  of 

.Net,  users  at  Microsoft’s  TechEd 
event  this  week  say  they  still  need 
to  be  convinced  of  its  usefulness. 

7  Palm  takes  the  stand  in  the 

Microsoft  antitrust  case  to  say  that 
handheld  users  need  interoperabil¬ 
ity  with  Windows,  too. 

8  Denial-of-service  attacks 

are  an  even  more  serious  threat 
now  than  two  years  ago,  when 
they  brought  down  several  high- 
profile  Web  sites,  including  Yahoo 
and  eBay. 

10  Oracle  extends  its  hosting  pro¬ 
gram  beyond  applications  to  data¬ 
bases  and  application  servers. 

12  Storage  Networking  World 

provides  a  forum  for  storage  ad¬ 
ministrators  who  say  they  badly 
need  better  management  tools. 

F°r  leaking  news’  updated 
WU1LJ\  twice  daily,  visit  our  Web  site: 

I  www.computerworld.com/ 

I  livlk*  q?q4000 


BUSINESS  27 

27  Bart  Perkins,  in  his  first  Com- 

puterworld  column,  tells  IT  leaders 
why  managing  their  supplier  rela¬ 
tionships  makes  good  business 
sense. 

36  Microsoft  Certified  Systems 
Engineers  with  Windows  NT  4.0 
credentials  are  re-evaluating  their 
training  and  career  options  in 
light  of  recent  certification  re¬ 
quirement  changes  imposed  by 
Microsoft. 

38  Enterprise  portals  might  be 

useful  in  helping  companies  estab¬ 
lish  links  with  their  employees, 
customers  and  business  partners, 
but  few  companies  have  taken 
steps  to  measure  the  affect  portals 
have  on  the  bottom  line. 

42  Workstyles:  Steve  Jarvis,  vice 
president  of  e-commerce  at  Alaska 
Airlines,  talks  about  the  IT  culture 
that  has  emerged  in  his  company  to 
meet  competitive  challenges  in  the 
airline  industry. 


TECHNOLOGY  45 

45  Columnist  Nicholas  Petreley 

reviews  the  history  of  the  Object 
File  Store  as  an  idea  and  looks  to 
the  arrival  of  the  database. 

46  Radio-frequency  tagging 

can  cut  costs  by  automating  data 
acquisition  in  the  supply  chain. 

48  A  big  trucking  company 

makes  its  enterprise  database  man¬ 
agement  system  directly  available 
to  Internet  users. 

50  Emerging  Technologies: 

64-bit  computing  will  power  a  new 
generation  of  applications  running 
on  .Net  Server  and  Intel’s  Itanium. 

52  QuickStudy:  A  peer-to-peer 
network  connects  two  or  more  PCs 
to  share  files  and  access  to  devices 
without  a  separate  server. 

54  Security  Manager’s  Journal: 

Did  someone  steal  critical  source 
code?  Mathias  Thurman  gathers 
evidence  of  a  possible  crime.  But 
finding  the  culprit  may  not  be  easy. 


OPINIONS  24 

24  Maryfran  Johnson  offers 

three  lessons  for  corporate  IT  in 
dealing  with  the  Web  as  it  matures 
from  adolescence  into  adulthood. 

24  Pimm  Fox  warns  about  the 
increasing  number  of  security 
holes  being  opened  by  the  prolifer¬ 
ation  of  wireless  networks. 

David  Moschella  is  looking  for 
good  news  in  the  IT  industry  amid 
the  spate  of  recent  bad  news  in¬ 
volving  key  vendors. 

62  Frank  Hayes  says  the  latest 
flap  over  the  discovery  of  two  new 
holes  in  Office  XP  only  adds  to  Mi¬ 
crosoft’s  image  as  a  laughingstock 
when  it  comes  to  security.  He 
thinks  the  company  needs  code¬ 
busters  and  a  SWAT  team  to  find 
and  patch  holes  quickly. 
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EARNINGS  UPDATES 

For  the  latest  about  vendor  earn¬ 
ings  announcements,  visit  our 
IT  Industry  Earnings  special 
coverage  page. 

www.computerworld.com/q7a1150 


DESKTOP  LINUX? 

Linux  won’t  cut  it  on  end  users’ 
desktops  unless  it  can  run  “must- 
have”  Windows  applications. 
Computerworld  community 
member  Charles  A.  Bushong 
weighs  the  Windows  emulation 
options  —  and  picks  a  winner. 
www.computerworld.com/q7a1780 


MICROSOFT  IN  COURT 

With  testimony  in  the  antitrust 
case’s  remedy  hearing  now 
entering  its  fourth  week,  be  sure 
to  check  for  the  latest  updates 
from  court  on  our  Microsoft 
Legal  Issues  page. 
www.computerworld.com/mslegal 


HP/COMPAQ  FIGHT 
CONTINUES 

Walter  Hewlett  is  still  fighting  the 
planned  merger  in  court,  even  as 
Hewlett-Packard  and  Compaq  re¬ 
veal  their  management  plans  for 
the  newly  created  company.  Get 
the  latest  on  the  HP/Compaq  deal. 
www.computerworld.com/q7a1650 
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EDS  Reorganizes 
Key  Business  Units 

Electronic  Data  Systems  Corp.  an¬ 
nounced  plans  to  combine  its  IT  and 
business-process  outsourcing  oper¬ 
ations  into  a  single  unit,  effective 
April  15.  The  Plano,  Texas-based 
company  will  also  create  a  second 
new  unit  that  combines  its  applica¬ 
tion  services  and  IT  implementation 
consulting  businesses.  No  layoffs 
are  planned  as  part  of  the  moves, 
an  EDS  spokesman  said. 

SEC  Begins  Formal 
Qwest  Investigation 

Denver-based  Qwest  Communica¬ 
tions  International  Inc.  said  the  Se¬ 
curities  and  Exchange  Commission 
(SEC)  has  launched  a  formal  inves¬ 
tigation  into  its  accounting  prac¬ 
tices.  The  SEC,  which  began  an  in¬ 
formal  inquiry  last  month,  is  looking 
into  issues  related  to  Qwest’s  finan¬ 
cial  results  for  2000  and  2001.  The 
company  said  it's  cooperating  fully. 


Microsoft  Warns  of 
Holes  in  Win  2k,  NT 

Microsoft  Corp.  issued  software 
patches  designed  to  fix  two  newly 
discovered  security  holes:  one  that 
affects  Windows  NT  and  Windows 
2000,  and  another  that  affects 
Windows  2000  only.  The  company 
gave  a  “moderate"  severity  rating 
to  each  vulnerability.  The  more  seri¬ 
ous  of  the  two  could  let  attackers 
elevate  user  privileges  or  run  mali¬ 
cious  code  on  unprotected  systems, 
Microsoft  said. 


Short  Takes 

Chicago-based  DIVINE  INC.  an¬ 
nounced  a  deal  to  acquire  VIANT 
CORP.,  a  Boston-based  Internet 
consulting  firm  that  lost  S72  million 
on  revenue  of  $34.6  million  last 
year. . .  .  Portsmouth,  N.H. -based 
1 ERASYS  NETWORKS  INC. 
warned  of  losses  and  said  that  its 
CEO,  chief  operating  officer  and 
;  .  of  marketing  are  resigning. 


COMPUTERWORLD  April  8, 2002 


Microsoft  Seeks 
Show  .Net 

But  many  users  are  just  beginning  to 
explore  the  new  development  environment 


BY  CAROL  SLIWA 

MICROSOFT  CORP. 
executive  will  try 
to  show  IT  pro¬ 
fessionals  “how 
.Net  and  XML 
Web  services  are  real  today” 
during  this  week’s  TechEd 
conference  in  New  Orleans,  a 
company  spokesman  said. 

Microsoft  plans  to  showcase 
corporations  and  vendor  part¬ 
ners  that  are  using  its  new  .Net 
development  environment  to 
build  real-world  applications 
and  XML-based  Web  services, 
according  to  John  Montgomery, 
a  group  product  manager  for 
the  .Net  platform. 

But  .Net,  which  shipped  in 
February,  has  hardly  become 
pervasive  in  corporate  produc¬ 
tion  environments  yet.  Most 
enterprise  users  are  just  start¬ 
ing  to  explore  .Net  and  Web 
services  technologies,  said  sev¬ 
eral  analysts,  early  adopters 
and  even  Microsoft  vendor 
partners  last  week. 


Mark  Driver,  an  analyst  at 
Stamford,  Conn.-based  Gartner 
Inc.,  said  he  expects  .Net  adop¬ 
tion  to  be  gradual  over  the  next 
five  years. 

“Most  adoption  is  really  go¬ 
ing  to  kick  in  next  year,”  he 
said,  adding  that  Microsoft 
users  “have  very  little  choice.” 

But  Driver  said  he  routinely 
advises  his  clients  to  avoid  de¬ 
ploying  mission-critical  appli¬ 
cations  that  rely  on  .Net  for  at 
least  six  to  nine  months. 

Jon  Stotts,  a  spokesman  for 
Microsoft  partner  iWay  Soft- 
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ware,  a  wholly  owned  sub¬ 
sidiary  of  Information  Builders 
Inc.  in  New  York  that  makes 
components  to  help  integrate 
business  applications,  said  his 
firm’s  enterprise  customers  are 
also  showing  great  interest  in 
.Net  and  Web  services.  But 
none  of  the  interested  compa¬ 
nies  is  beyond  the  proof-of- 
concept  stage. 

“Our  customers  are  very 
conservative,  so  it  will  prob¬ 
ably  be  a  long  time  before 
the  majority  of  our  customers 
are  implementing  these  solu¬ 
tions,”  Stotts  predicted,  noting 
that  his  firm’s  clients  include 
many  Fortune  100  companies. 
He  added  that  users  “are  still 


to 

Is  Real 

trying  to  figure  out  exactly 
how  they’re  going  to  improve 
their  business  processes”  by 
using  .Net. 

But  Driver  said  some  firms 
may  see  advantages  to  using 
.Net  today,  particularly  if  they 
write  Web  applications,  be¬ 
cause  Microsoft’s  ASP.Net  is 
“heads  and  tails  more  power¬ 
ful”  than  its  Active  Server 
Pages  predecessors. 

The  life  insurance  division 
of  Newport  Beach,  Calif.-based 
Pacific  Life  Insurance  Co.,  for 
instance,  has  noted  a  20%  to 
30%  performance  improve¬ 
ment  in  Web  page  delivery 
since  switching  to  ASP.Net,  ac¬ 
cording  to  Cameron  Cosgrove, 
the  division’s  CIO. 

Cosgrove  said  that  about  six 
of  his  developers  adopted  Mi¬ 
crosoft’s  beta  tool  last  year  and 
converted  the  division’s  Web 
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TechEd  Preview 

At  this  week’s  event,  Micro¬ 
soft  plans  to: 

Showcase  products,  appli¬ 
cations  and  Web  sen/ices  built 
on  .Net. 

Launch  new  and  beta  ver¬ 
sions  of  .Net  Enterprise  Servers. 

Debut  its  first  commercially 
available  Web  service  for  con¬ 
sumers. 

• 

Instruct  customers  on  Web 
services  application  architecture. 

Provide  a  road  map  of  future 
enterprise  direction. 


site  to  ASP.Net.  They  also  built 
two  Web  services  to  transfer 
information  between  the  com¬ 
pany’s  front  end  and  database 
using  XML-based  messages 
sent  via  the  Simple  Object  Ac¬ 
cess  Protocol. 

Cosgrove  said  he’s  been  im¬ 
pressed  with  the  .Net  tool’s 
ability  to  help  developers  more 
quickly  build  cleaner  code 
that’s  easier  to  deploy.  I 


Belluzzo  to  Leave  Microsoft  Amid  Reorganization 


Rick  Belluzzo,  Microsoft’s  president  and  chief  operating 
officer  and  a  force  behind  the  growth  of  its  Xbox  and 
MSN  efforts,  is  leaving  the  company,  the  software  ven¬ 
dor  announced  last  week. 

Belluzzo,  48,  will  step  down  as  president  and  COO 
on  May  1  and  leave  the  company  in  September.  The 
move  comes  as  part  of  a  broader  reorgani¬ 
zation  intended  to  give  greater  autonomy  to 
the  executives  in  charge  of  Microsoft’s  vari¬ 
ous  product  groups,  the  company  said. 

Although  Microsoft  gave  no  specific  rea¬ 
son  for  the  departure,  Belluzzo  appears  to 
have  been  the  victim  of  an  internal  turf  war, 
said  Rob  Enderle,  an  analyst  at  Giga  Infor¬ 
mation  Group  Inc.  in  Cambridge,  Mass. 

With  the  economy  on  the  slide,  Belluzzo 
was  charged  with  making  cutbacks  at  vari¬ 
ous  business  units,  Enderle  said.  His  posi¬ 
tion.  which  had  been  closer  to  that  of  presi¬ 
dent  than  COO,  became  more  like  that  of  a  “glorified 
administrator ...  and  that  wasn’t  acceptable  to  him,” 
Enderle  said,  adding  that  at  one  time,  Belluzzo  was  con¬ 
sidered  a  potential  successor  to  CEO  Steve  Ballmer. 

“Given  where  Steve  and  I  knew  we  needed  to  take 
the  business,  I  decided  it  was  the  right  time  to  pursue 
my  goal  of  leading  my  own  company,"  Belluzzo  said  in 
the  statement  announcing  his  plans. 

Another  analyst  said  Belluzzo’s  departure  will  be  no 
great  loss. 

“I  don’t  think  it’s  a  particularly  significant  blow  to  Mi¬ 
crosoft,"  said  David  Smith,  a  senior  analyst  at  Gartner 


Inc..  “It’s  hard  to  put  your  finger  on  anything  he’s  done 
that  was  particularly  spectacular." 

Belluzzo  may  have  helped  revive  Microsoft’s  MSN 
online  service,  but  the  unit  is  “still  not  what  you’d  call 
tremendously  successful,”  Smith  said.  Belluzzo  also 
doesn’t  appear  to  be  closely  involved  with  the  develop¬ 
ment  of  .Net,  a  key  project  for  Microsoft  that 
involves  retooling  its  products  to  allow  for 
the  delivery  of  software  and  services  over 
the  Internet. 

“There’s  a  definite  culture  clash  between 
Rick  and  the  company,"  Smith  said.  “He’s 
very  soft-spoken.  I  don’t  think  that  gets  you 
very  far  at  Microsoft.” 

As  part  of  the  reorganization,  Microsoft 
will  be  divided  into  seven  business  units: 
Windows  Client,  Knowledge  Worker,  Server 
and  Tools,  Business  Solutions,  CE/Mobility, 
MSN,  and  Home  and  Entertainment.  The 
leaders  of  each  unit  will  have  “comprehensive  opera¬ 
tional  and  financial  responsibility  and  greater  account¬ 
ability,”  Microsoft  said. 

Belluzzo,  a  former  CEO  at  Mountain  View,  Calif.- 
based  Silicon  Graphics  Inc.,  joined  Microsoft  in  Sep¬ 
tember  1999  as  vice  president  of  its  consumer  group. 

As  president  and  COO,  he  has  overseen  Microsoft's 
worldwide  sales  and  marketing:  directed  its  human 
resources,  finance  and  licensing  operations:  and  over¬ 
seen  its  efforts  in  the  areas  of  computer  games  and 
TV  platform  software. 

-  James  Niccolai,  IDG  News  Service 
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Palm:  Handheld  Integration  Key  for  Users 


Company  argues  at  trial  for  greater 

access  to  Microsoft  technical  data 


BY  PATRICK  THIBODEAU 

WASHINGTON 


The  battle  for  the  enterprise 
among  handheld  vendors  is  be¬ 
ing  fought  not  just  in  the  mar¬ 
ketplace,  but  also  in  the  court¬ 
room  of  the  Microsoft  Corp. 
antitrust  trial. 

It  was  there  that  Michael 
Mace,  a  senior  Palm  Inc.  offi¬ 
cial,  last  week  urged  U.S.  Dis¬ 
trict  Court  Judge  Colleen  Kol- 
lar-Kotelly  to  impose  a  remedy 
that  would  guarantee  Palm  ac¬ 
cess  to  the  technical  data  it 
needs  for  interoperability  with 
Microsoft  products. 

Interoperability  is  critical, 
Mace  said.  “Microsoft  has  al¬ 
ready  started  to  use  its  posi¬ 
tion  to  withhold  technical  in¬ 
formation  from  Palm,  and  it 
has  attempted  to  severely  dam¬ 
age  Palm’s  ability  to  compete 
with  Windows,”  Mace  alleged 
in  his  testimony. 

The  nine  states  that  have  re¬ 
fused  to  sign  the  Bush  adminis¬ 
tration  settlement  want  a  rem¬ 
edy  that  includes  protections 
for  potential  PC  substitutes, 
such  as  handhelds.  Those  pro¬ 
tections  are  focused  on  en¬ 
suring  that  competitors  can 
achieve  interoperability  with 
Windows. 

That’s  a  key  issue  for  some 
end  users.  Handhelds  have 
long  been  used  by  corpora¬ 
tions,  initially  on  an  ad  hoc  ba¬ 
sis  by  executives.  But  more 
companies  are  adopting  hand¬ 
helds  as  part  of  broader  enter¬ 
prise  strategies,  say  analysts. 

Vince  Marbibi,  applications 
manager  at  Austin,  Texas,  law 
firm  McGinnis  Lochridge  & 
Kilgoe  LLP,  was  an  early 
adopter  of  handhelds,  having 
rolled  out  Palm  OS-based  de¬ 
vices  to  his  legal  staff  more 


Ol  For  more  information 

WUidV  about  the  remedy 

T  proceedings,  visit  our 

I  J1  1KV*  Website: 

www.computerworld.com/q728717 

Read  Computerworld s  ongoing  coverage  of 
the  Microsoft  antitrust  case: 

www.computerworld.co  m/q?s1100 


than  a  year  ago.  But  next  time, 
he  says,  he  might  go  the  Micro¬ 
soft  route. 

The  problem,  said  Marbibi, 
is  out-of-the-box  configuration 
with  Windows  desktops.  “It 
would  take  me  half  the  time  to 
set  up  a  [Windows]  CE  device 
than  it  would  to  set  up  a  Palm 
device,”  he  said. 

That’s  one  of  the  issues  that 
corporate  IT  managers  face, 
said  Ken  Dulaney,  a  San  Jose- 
based  analyst  at  Gartner  Inc. 
Handhelds  go  through  a  proc- 


New  benchmarks 
for  online  privacy 
could  emerge 


PATRICK  THIBODEAU 

WASHINGTON 

In  January  2000,  Doubleclick 
Inc.’s  stock  was  soaring,  reach¬ 
ing  about  $135  per  share.  But 
then  came  the  lawsuits  with 
allegations  that  the  online  ad¬ 
vertising  firm  planned  to 
merge  information  about  peo¬ 
ple’s  Web-browsing  activities 
with  personal  identifiers.  Six 
months  later,  even  before  the 
dot-com  bubble  burst,  Double- 
Click’s  share  price  had  tum¬ 
bled  to  the  mid-$30s. 

Doubleclick  put  that  plunge 
behind  it  late  last  month  when  it 
settled  the  lawsuits.  But  other 
firms  may  face  similar  problems 
if  DoubleClick’s  $1.8  million 
settlement  is  seen  as  an  incen¬ 
tive  for  more  privacy  lawsuits. 

The  settlement  may  also  in¬ 
fluence  corporate  information 
practices,  privacy  experts  said 
last  week.  The  terms  of  the 
agreement,  which  include  au¬ 
tomatic  cookie  expiration  after 
five  years  and  an  independent 


ess  of  synchronization  to  auto¬ 
matically  merge  with  data 
stored  on  a  PC  or  server,  such 
as  messaging  and  calendaring 
information  in  Outlook. 

“Microsoft  should  make  the 
synchronization  tool  available 
for  more  than  legal  reasons,” 
said  Dulaney.  “By  making  it 
available  to  Palm,  they  satisfy 
more  Outlook  users.  Forcing 
everyone  to  use  Pocket  PC  is 
like  forcing  everyone  to  use 
the  same  watch.” 

Jeneane  Brian,  CEO  and 
president  of  the  Visiting  Nurs¬ 
es  Association  Home  Health 
Systems  in  Santa  Ana,  Calif., 
says  she’s  committed  to  the 
Palm  OS.  The  association  has 


audit  of  DoubleClick’s  privacy 
practices,  are  possible  corpo¬ 
rate  benchmarks.  The  settle¬ 
ment  has  “the  potential  for  be¬ 
ing  a  foundation  on  which  oth¬ 
er  businesses  might  change 
their  practices,”  said  Brian 
Smith,  an  e-commerce  privacy 
expert  at  the  law  firm  Mayer, 
Brown  &  Platt  in  Washington. 

Privacy  litigation  is  a  rela¬ 
tively  new  area,  and  there  have 
been  few  law-shaping  cases  or 
enforcement  actions  by  the 
U.S.  Federal  Trade  Commis- 


Forcing  every¬ 
one  to  use  Pocket 
PC  is  like  forcing 
everyone  to  use 
the  same  watch. 

KEN  DULANEY,  ANALYST, 
GARTNER  INC. 

equipped  its  clinicians  with 
handhelds  that  contain  patient 
data  that’s  entered  via  an  Inter¬ 
net  connection  and  ultimately 
stored  on  Microsoft  SQL  Serv- 


sion.  But  key  decisions  are 
emerging.  In  January,  for  in¬ 
stance,  the  FTC  settled  a  case 
against  Indianapolis-based  Eli 
Lilly  and  Co.  over  the  compa¬ 
ny’s  inadvertent  release  of  cus¬ 
tomer  e-mail  addresses.  The 
FTC  settlement  stipulated  spe¬ 
cific  information  security  prac¬ 
tices  for  the  drug  maker. 

Industrywide  Impact 

These  cases  “are  very  influ¬ 
ential,  very  important,”  said 
William  Paukovitz,  chief  priva¬ 
cy  officer  and  assistant  vice 
president  at  Fireman’s  Fund 
Insurance  Co.  in  Novato,  Calif. 
Privacy  litigation  tests  the 
“true  meaning”  of  the  law, 
Paukovitz  said,  adding,  “I  try  to 
keep  my  eye  on  what’s  going 


Why  It  Matters 


DoubleClick’s  pending  privacy  settlement  will  get  corporate 
attention  as  a  possible  best  practice.  A  court  hearing  to  finalize 
the  settlement  is  set  for  next  month. 

EFFECT  ON  IT:  Cookies  expire  after  five  years;  an  indepen¬ 
dent  audit  of  privacy  practices  is  required. 

EFFECT  ON  E-COMMERCE:  The  settlement  requires 
Doubleclick  to  conduct  a  privacy  information  education  cam¬ 
paign.  With  300  million  advertisement  banners,  consumer 
awareness  of  privacy  will  increase. 

EFFECT  ON  POLITICS:  Trade  groups  want  Congress  to 
bar  private  lawsuits  in  privacy  cases  and  leave  enforcement  to 
state  and  federal  authorities.  The  Doubleclick  settlement  v/ill 
be  cited  by  privacy  advocates  as  a  good  reason  for  allowing 
private  action. 


Doubleclick  Settlement  May 
Affect  Corporate  IT  Policies 


er  and  viewed  with  Access. 

“I  have  not  suffered  from  the 
fact  that  we  are  on  Microsoft 
operating  in  the  office  and  a 
Palm  0$  out  in  the  field,”  said 
Brian.  Nonetheless,  she  said 
she’s  concerned  that  the  situa¬ 
tion  could  change  and  sup¬ 
ports  giving  Palm  greater  ac¬ 
cess  to  technical  data. 

Although  Windows  gives  IT 
managers  a  reason  to  move  to 
CE,  one  user  of  IBM’s  Lotus 
Notes  said  the  application  syn¬ 
chronizes  to  his  company’s 
Palm  devices  without  prob¬ 
lems.  “If  it  didn’t  work  well 
with  our  mail  or  calendaring 
tool,  then  we  would  have  some 
serious  problems,”  said  Mike 
Finch,  director  of  application 
support  at  City  Utilities  of 
Springfield  in  Missouri.  ► 


on  in  all  of  [the  cases].” 

While  DoubleClick’s  settle¬ 
ment  may  encourage  more  liti¬ 
gation,  it  also  illustrates  the 
difficulties  inherent  in  such  a 
privacy  action.  U.S.  District 
Judge  Naomi  Reice  Buchwald 
rejected  the  federal  case  in 
New  York  against  Doubleclick, 
which  was  also  Filed  in  several 
state  courts,  in  part  because 
U.S.  wiretapping  and  fraud 
laws  cited  didn’t  apply  to  new 
technologies,  such  as  cookies. 

“Existing  laws  were  not  nec¬ 
essarily  enacted  to  deal  with 
the  Internet  and  Internet  com¬ 
merce,”  said  Carlyn  Clause,  a 
privacy  expert  at  Fenwick  & 
West  LLP  in  San  Francisco. 

Denise  Garcia,  an  analyst 
at  Stamford,  Conn.-based  Gart¬ 
ner  Inc.,  attributes  Double- 
Click’s  stock  plummet  in  2000 
to  its  privacy  problems.  But 
she  said  she  sees  the  settle¬ 
ment,  with  its  requirements  for 
consumer  choice  and  a  public 
information  campaign,  as  hav¬ 
ing  an  industrywide  impact. 

“Most  [Web]  sites  will  be  in¬ 
spired  or  be  pressured  by  their 
audience  to  tell  them  what 
their  privacy  policy  is.  At  this 
point,  users  really  aren’t  aware 
of  how  they  are  being  tracked,” 
she  said.  > 


Link© 


Read  more  about 
privacy  issues  at 
Computerworld s 
special  focus  page: 


www.c.omputerworld.com/q?s1200 
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*enial-of-Service 
Attacks  Still  a  Threat 


Two  years  after  high-profile  hits,  IT  struggles 
to  fend  off  more  sophisticated  attackers 


BY  JAIKUMAR  VIJAYAN 

Denial-of-service 
(DOS)  attacks 
continue  to  pre¬ 
sent  a  significant 
security  threat 
to  corporations  two  years  af¬ 
ter  a  spate  of  inci¬ 
dents  brought  down 
several  high-profile 


SECURITY 


challenge.  “In  that  sense,  the 
tools  are  always  only  trying  to 
catch  up”  with  the  threat,  said 
Raj  Raghavan,  a  vice  president 
at  SiegeWorks  Enterprise  Se¬ 
curity  Solutions,  a  Pleasanton, 
Calif.-based  integrator  of  secu¬ 
rity  technologies. 

DOS  attacks  make 
computer  systems  in¬ 


sites,  including  those  of  Ya¬ 
hoo  Inc.  and  eBay  Inc.,  users 
and  analysts  report. 

Since  then,  several  technolo¬ 
gies  have  emerged  that  help 
users  detect  and  respond  to 
DOS  attacks  far  more  quickly 
and  effectively  than  before.  But 
the  increasingly  sophisticated 
attack  methods  and  the  grow¬ 
ing  range  of  systems  targeted  in 
DOS  attacks  continue  to  pose  a 


accessible  by  flooding  servers 
or  networks  with  useless  traf¬ 
fic  so  that  legitimate  users 
can  no  longer  gain  access  to 
those  resources.  In  distrib¬ 
uted  DOS  (DDOS)  attacks, 
malicious  hackers  use  hun¬ 
dreds  and  sometimes  even 
thousands  of  previously  com¬ 
promised  computer  systems  to 
launch  assaults  against  a  net¬ 
work  or  server. 


During  a  three-week  period 
in  mid-2001,  researchers  from 
the  University  of  California, 
San  Diego,  detected  approxi¬ 
mately  12,800  DOS  attacks 
against  more  than  5,000  tar¬ 
gets.  Recent  examples  include 
attacks  against  the  World  Eco¬ 
nomic  Forum’s  Web  site  in 
February  as  well  as  those  that 
drove  British  Internet  service 
provider  CloudNine  Commu¬ 
nications  out  of  business  ear¬ 
lier  this  year. 

Increasing  Menace 

“The  threat  is  a  lot  worse 
today  than  two  years  ago,”  said 
Harris  Miller,  president  of  the 
Information  Technology  Asso¬ 
ciation  of  America  (ITAA)  in 
Arlington,  Va.  “There  are  lots  of 
indications  that  since  Sept.  11, 
the  number  of  DOS  attacks 
have  greatly  increased.” 

The  ITAA  is  acting  as  the  co¬ 
ordinator  of  an  industry  body 


Cost,  Other  Priorities  Stall  Use  of  DOS  Detection/Response  Tools 


Several  vendors  offer  early-detec- 
tion  and  response  tools  for  dealing 
with  DOS  attacks.  The  main  focus 
of  such  technologies  is  to  quickly 
give  IT  managers  the  information 
needed  to  filter  out  malicious  traffic 
while  letting  in  legitimate  users. 

Just  last  week,  for  instance, 
Waltham,  Mass.-based  Arbor  Net¬ 
works  Inc.  launched  an  enhanced 
version  of  its  Peakflow  DoS  soft¬ 
ware  that  uses  network  information 
gathered  from  a  user’s  Cisco  Sys¬ 
tems  Inc.  firewall  to  identify  and 
tiller  out  bad  traffic. 

Arbor’s  Peakflow  DoS  software 
is  just  one  in  a  growing  list  of  prod¬ 
ucts  available.  Other  products  in¬ 
clude  the  following: 

a  DDoS  Enforcer  from  Mazu 
Networks  Inc.  in  Cambridge,  Mass. 

a  Attack  Mitigator  from  Top  Lay¬ 
er  Networks  Inc.  in  Westboro,  Mass. 

«  Vantage  System  from  Asta 
Networks  Inc.  in  Seattle. 

a  CaptiO  from  Captus  Networks 
Co:p  . 1  Woodland,  Calif. 

M  st  of  these  products  work 


by  comparing  live  network  traffic 
against  some  previously  defined 
baseline  and  by  alerting  users  if 
there  is  a  significant  divergence 
from  that  baseline.  The  alerts  might 
be  based  on  a  comparison  of  byte  or 
packet  rates,  traffic  that’s  directed  at 
specific  resources,  traffic  that  origi¬ 
nates  from  specific  IP  addresses  or 
spikes  in  network  traffic. 

Despite  the  early-detection  ca¬ 
pabilities  offered  by  such  technolo¬ 
gies,  user  adoption  so  far  appears 
to  be  very  slow,  said  Michael  Ras¬ 
mussen,  an  analyst  at  Cambridge, 
Mass.-based  Giga  Information 
Group  Inc. 

For  one  thing,  the  tools  aren’t 
cheap.  Deploying  some  of  these 
products  can  mean  shelling  out 
anywhere  from  $75,000  at  the  low 
end  to  more  than  $1  million  for  a 
large  enterprise  installation.  The 
tools  are  most  effective  only  when 
they  are  installed  not  just  on  the 
edge  of  corporate  networks,  but 
also  in  service  provider  networks 
as  well,  analysts  said. 


Many  companies  also  have  their 
hands  full  dealing  with  other  secu¬ 
rity,  regulatory  and  privacy  issues 
and  may  be  giving  a  lower  priority 
to  DOS  threats,  Rasmussen  said. 

“The  DOS  threat  is  just  one  of 
the  security  issues  that  users  are 
worried  about,"  agreed  Charles 
Kolodgy,  an  analyst  at  Framingham, 
Mass.-based  IDC. 

House  of  Blues  Entertainment 
Inc.  in  Los  Angeles  exemplifies  that 
point.  Although  the  company  would 
like  to  have  a  DOS  tool  in  place,  it 
has  no  plans  to  do  so  right  now 
because  of  other  priorities,  said 
Steve  LaBrie,  director  of  network 
operations.  “I’m  concerned  about 
DOS,  but  it  is  not  fiscally  viable  to 
roll  out  anything  now,”  he  said. 

Many  companies  have  already 
beefed  up  their  firewalls,  intrusion- 
detection  systems  and  load-balanc¬ 
ing  capabilities  against  DOS  threats 
and  therefore  may  be  reluctant  to 
deploy  separate  anti-DOS  technol¬ 
ogy,  analysts  said. 

-  Jaikumar  Vijayan 


Tips  to  Help  Prevent  a  DOS  Attack 

■  Regularly  review  publicly  available  information  on  recent  security  vulner¬ 
abilities  and  incidents.  It  helps  in  configuring  and  updating  your  public  Web 
server  against  new  forms  of  attacks. 

■  Regularly  update  your  DOS  detection  tools  to  discover  new  patterns 

or  events  (resulting  from  new  or  updated  attacks  taking  advantage  of  new 
vulnerabilities). 

■  Update  firewall-filtering  mechanisms  to  deny  new  attacks. 

■  Temporarily  disable  specific  services  that  might  be  vulnerable. 

■  Augment  your  alerting  procedures. 

■  Work  with  your  Internet  service  provider  to  understand  what  precautions 
have  been  taken  to  guard  against  DOS  attacks. 

■  Get  a  configuration  that  uses  multiple  connections  built  from  different 
network  backbones.  This  will  help  switch  public  Web  servers  to  another 
connection  in  the  event  of  a  DDOS  attack. 


called  the  IT  Information 
Sharing  and  Analysis  Center, 
which  was  created  early  last 
year  to  share  information  and 
find  ways  of  dealing  with  DOS 
and  other  security  threats. 

Part  of  the  problem  with 
DOS  attacks  is  the  sheer  num¬ 
ber  of  ways  in  which  they  can 
operate,  said  Pete  Lindstrom, 
an  analyst  at  Framingham, 
Mass.-based  Hurwitz  Group 
Inc.  A  DOS  attack  can  be 
launched  to  overwhelm  a  tar¬ 
get’s  Web  site,  CPU,  memory, 
network  bandwidth  or  routers. 
It  can  also  work  by  taking 
advantage  of  known  flaws  in 
products,  Lindstrom  said. 

Degradation-of-service  at¬ 
tacks  are  another  variation. 
Such  assaults,  which  are  more 
difficult  to  detect  than  other 
DOS  attacks,  involve  short¬ 
lived  bursts  of  spurious  traffic 
directed  at  a  target  from  multi¬ 
ple  sources  and  are  aimed  at 
slowing  network  performance. 

“It  would  be  a  fairly  straight¬ 
forward  issue  to  handle  if  such 
attacks  originated  and  termi¬ 
nated  with  the  same  network,” 
said  Jeff  Ogden,  director  of 
high-performance  networks  at 
Ann  Arbor,  Mich.-based  In¬ 
ternet  service  provider  Merit 
Network  Inc. 

The  problem  arises  because 
almost  all  DOS  attacks  involve 
multiple  networks  and  attack 
sources,  many  of  which  have 
spoofed  IP  addresses  to  make 
detection  even  harder,  accord¬ 
ing  to  Ogden. 

So  completely  choking  off 
the  offending  traffic  requires 
network  administrators  to  call 


upstream  service  providers, 
alerting  them  to  the  attack  and 
having  them  shut  down  the 
traffic.  That  process  has  to  be 
repeated  all  the  way  back  to 
every  attack  source.  I 


Online  Resources 

Distributed  Denial  of  Service 
Attacks/Tools 

http://staff.washington.edu/ 

dittrich/misc/ddos/ 

Links  to  many  resources  about  DDOS 
attacks;  maintained  by  the  University 
of  Washington  in  Seattle. 


“Strategies  to  Protect  Against 
Distributed  Denial  of  Service 
Attacks” 

www.cisco.com/warp/public/ 

707/newsflash.html 

This  white  paper  explains  the  basics 
of  DDOS  attacks  and  prevention 
strategies;  provided  by  Cisco  Sys¬ 
tems  Inc. 


Overview  of  Scans  and  DDOS 
Attacks 

www.nipc.gov/ddos.pdf 

An  executive  summary  of  scans  and 
DDOS  attacks  from  the  FBI’s  National 
Infrastructure  Protection  Center. 
(Download  Portable  Document 
Format  files.) 

Preventing  a  DDOS  Attack 
www.jmu.edu/computing/ 
info-security/engineering/issues/ 
ddos.shtml 

Guidelines  for  preventing  an  attack 
and  links  to  resources;  provided 
by  James  Madison  University  in 
Harrisonburg,  Va. 


Onlul/  For  more  information 

WUILJV  about  DOS  attacks, 

r  visit  our  Security 

1  Jl  Knowledge  Center: 

www.computerworld.com/q?k1600 


Consider  the  facts.  According  to  IDC,  for  every  1,000  knowledge  workers,  your 
enterprise  wastes  $7.5  million  a  year  looking  for  and  reworking  information  that  already  exists. 

Inktomi  can  help.  Our  XML-enabled  knowledge  retrieval  solutions,  tightly  integrated  with  your 
business  critical  applications,  allow  people  to  find  and  react  in  real-time  to  information  spread 
across  your  global  enterprise.  By  connecting  the  right  content  to  the  right  person  at  the  right  time, 
Inktomi  makes  your  organization  far  more  efficient  and  competitive.  Best  of  all,  Inktomi  requires 
minimal  IT  resources  to  deploy  and  maintain,  delivering  an  extremely  low  total  cost  of  ownership. 


For  the  most  effective  real-time  information  management,  insist  on  Inktomi®  Enterprise  Search. 
It’s  just  one  of  a  comprehensive  suite  of  scalable  network  infrastructure  applications  many  of 
the  leading  FORTUNE  1000  companies  regard  as  essential  to  their  enterprises. 

You’ll  find  it  essential  to  yours. 


Inktomi 


essential" 


www.inktomi.com/search 
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United,  IBM  Finish 
Initial  DB2  Rollout . . . 


United  Air  Lines  Inc.  said  IBM  has 
completed  implementing  the  first 
phase  of  a  DB2-based  data  ware¬ 
house  for  the  airline.  More  than  1TB 
of  customer  and  operations  data  is 
currently  stored  in  the  data  ware¬ 
house  for  use  in  analyzing  passen¬ 
ger  destination  trends.  Chicago- 
based  United  said  data  from  its  call 
centers,  ticket  counters  and  airport 
kiosks  will  be  added  in  the  future. 


...And  Delta  Triples 
Its  Check-in  Kiosks 

Delta  Air  Lines  Inc.  said  it  plans  to 
install  300  new  self-service  check¬ 
in  kiosks  at  U.S.  airports  this  year, 
which  would  more  than  triple  the 
number  it  now  operates.  Atlanta- 
based  Delta  said  the  number  of  air¬ 
ports  where  it  has  kiosks  will  in¬ 
crease  from  30  to  80.  The  airline 
will  also  increase  the  functionality  of 
the  devices  so  they  can  be  used  by 
passengers  with  electronic  tickets. 


McData  Q1  Sales  Hit 
By  Order  Reductions 

Broomfield,  Colo.-based  storage 
switch  maker  McData  Corp.  said  its 
first-quarter  revenue  could  be  as 
much  as  20%  below  expectations 
due  to  order  reductions  made  last 
month  by  its  largest  customer,  a 
reference  to  EMC  Corp.  Hopkinton, 
Mass.-based  EMC  declined  to  com¬ 
ment  specifically  but  said  its  mix  of 
purchases  from  different  suppliers 
“varies  from  time  to  time.” 


Short  Takes 

HEWLETT-PACKARD  CO.  won  a 
five-year  IT  outsourcing  contract 
valued  at  about  S88  million  from 
EUROPEAN  AERONAUTIC  DEFENCE 
"ACt  CO.  in  Munich,  Ger¬ 
many.  . . . STORAGE  TECHNOLOGY 
•  \  in  Louisville,  Colo.,  extended 
an  outsourcing  deal  with  ELEC- 
:  TA  SYSTEMS  CORP.  in 
Piano.  Texas,  to  run  through  2012. 


Oracle  Extends  Outsourcing 
To  9i  Database,  App  Server 


Users:  Companies  can  offload  software 
administration  but  need  to  weigh  costs 


BY  MARC  L.  SONGINI 

RACLE  CORP.  has 
offered  software 
management  and 
hosting  services 
to  users  of  its 
business  applications  for  the 
past  three  years.  Now,  it’s  ex¬ 
tending  the  outsourcing  pro¬ 
gram  to  its  database  and  appli¬ 
cation  server  software. 

Oracle  last  week  announced 
that  it’s  making  outsourced 
management  services  avail¬ 
able  for  its  Oracle9i  product 
line.  Users  will  be  able  to  have 
Oracle  host  the  software  for 
them,  or  they  can  install  it  in 
their  own  data  centers  or  in 
third-party  facilities  and  get 
remote  support  from  Oracle. 

The  outsourcing  offer  is 
meant  to  save  money  and  ease 
management  burdens  for 
users,  according  to  Oracle.  The 
company  added  that  more  than 
200  customers  have  already 
signed  up  for  Oracle9i  out¬ 
sourcing  under  an  early- 
adopter  program  that  began  a 
year  ago  for  the  database  and 
six  months  ago  for  the  applica¬ 
tion  server. 

That’s  similar  to  the  number 
of  outsourcing  deals  that  Ora¬ 
cle  claims  to  have  with  users  of 
its  E-Business  Suite  lli  applica¬ 
tions.  But  some  users  and  ana¬ 
lysts  said  there  are  obstacles  to 
Oracle’s  strategy  to  further  ex¬ 
pand  its  outsourcing  reach. 


Potential  customers  need  to 
do  a  cost-benefit  analysis  to 
determine  whether  database 
or  application  server  outsourc¬ 
ing  is  right  for  them,  said  Tom 
Wyatt,  president  of  the  inde¬ 
pendent  Oracle  Applications 
Users  Group,  which  is  based  in 
Atlanta.  Wyatt  works  as  direc¬ 
tor  of  Oracle  systems  at  Sitel 
Corp.,  a  customer  service  out¬ 


sourcing  firm  in  Baltimore. 

For  some  companies,  espe¬ 
cially  larger  ones,  ensuring  the 
security  of  their  databases 
might  outweigh  the  desire  to 
save  money  by  having  a  third- 
party  firm  such  as  Oracle  han¬ 
dle  the  software  administra¬ 
tion  work,  Wyatt  said. 

But  Paige  O’Neill,  senior  di¬ 
rector  of  outsourcing  market¬ 
ing  at  Oracle,  said  the  compa¬ 
ny’s  data  center  has  been  fully 
audited  for  security  capabili¬ 
ties.  Oracle  also  plans  to  work 
with  network  services  firms  to 
provide  secure  virtual  private 
network  connections  to  other 
data  centers  where  servers  are 
located,  she  added. 

Application  service  pro¬ 
viders  as  a  whole  haven’t  taken 
off  with  large  corporate  users, 
said  Laurie  McCabe,  an  analyst 


at  Boston-based  Summit  Strat¬ 
egies  Inc. 

To  win  the  trust  of  potential 
outsourcing  customers,  Mc¬ 
Cabe  said,  Oracle  has  to  offer 
compelling  pricing  and  top- 
notch  availability  and  perfor¬ 
mance  levels  on  the  9i  soft¬ 
ware,  as  well  as  rapid  response 
times  when  problems  occur. 

Winning  Converts 

William  MacLeod  is  one 
user  who’s  already  sold  on 
database  outsourcing.  He’s  the 
vice  president  of  IT  at  Telford, 
Pa.-based  Accu-Sort  Systems 
Inc.,  which  has  been  relying  on 
Oracle  for  round-the-clock 
management  of  its  database  for 
the  past  year. 

A  maker  of  industrial  bar¬ 
code  scanners,  Accu-Sort  in¬ 
stalled  the  database  at  its  own 
facility.  But  if  something  goes 
wrong  with  the  software,  a 
database  administrator  at  Ora¬ 
cle  receives  an  alert  and  ad¬ 
dresses  the  problem  remotely. 


AT  A  GLANCE 


Outside 

Management 

Details  about  the  new  Oracle9i 
software  management  out¬ 
sourcing  program: 

WHERE  THE  SOFTWARE  RESIDES: 

Users  have  a  choice:  The  software  can  be 
installed  at  Oracle,  in  their  own  data  centers 
or  at  data  centers  run  by  other  hosting 
firms. 

HOW  IT  WORKS:  Pretuned  software  and 
server  bundles  are  installed,  and  Oracle  is 
responsible  for  monitoring,  managing  and 
upgrading  the  systems. 

WHAT  IT  COSTS:  Software  license  fees 
and  technical  support  contracts  are  un¬ 
changed.  The  rest  of  the  cost  depends  on 
who  hosts  the  software. 


The  deal  has  reduced  in-house 
database  management  head¬ 
aches,  said  MacLeod,  adding 
that  he’s  investigating  the  idea 
of  letting  Oracle  host  and  man¬ 
age  Accu-Sort’s  applications.  ► 


Upgrades,  Image  Makeover  on  Tap  at  Oracle  Conference 


At  its  Oracle  AppsWorld  confer¬ 
ence  in  San  Diego  this  week,  Ora¬ 
cle  is  expected  to  prod  holdout 
users  to  upgrade  to  the  latest  re¬ 
lease  of  its  business  applications. 
But  users  and  analysts  said  the 
software  vendor  also  needs  to  ap¬ 
pear  more  user-friendly  in  order  to 
buff  up  its  image  with  customers. 

Oracle  doesn’t  plan  to  make 
any  major  product  announce¬ 
ments  at  the  conference.  Instead, 
the  company  will  once  again  try  to 
pitch  users  on  the  value  of  migrat¬ 
ing  to  the  Web-based  E-Business 
Suite  Hi  applications  that  it  re¬ 
leased  two  years  ago,  said  Fred 
Studer,  vice  president  of  E-Busi¬ 
ness  Suite  marketing  at  Oracle. 

Early  iterations  of  Hi  were 
plagued  with  bugs,  and  users  also 
complained  about  customer  ser¬ 
vice  lapses.  Oracle  has  largely  sta¬ 
bilized  the  software  and  beefed  up 
its  ability  to  meet  demands  for 


technical  support,  according  to 
users  and  analysts.  Nevertheless, 
it  may  still  have  to  confront  some 
user  concerns  about  upgrades  at 
AppsWorld,  they  said. 

Oracle  is  also  dealing  with  the 
lingering  fallout  from  a  lengthy 
feud  with  the  independent  Oracle 
Applications  Users  Group  (0AUG) 
over  the  futures  of  their  separate 
application  conferences. 

In  a  survey  of  139  0AUG  mem¬ 
bers  conducted  by  the  user  group 
and  New  York-based  Morgan 
Stanley  Dean  Witter  &  Co.  in  De¬ 
cember,  52%  of  the  respondents 
said  they  didn't  think  Oracle  was  a 
customer-centric  company. 

“Oracle  has  to  turn  around  its 
bad  customer  public  relations  re¬ 
garding  Hi  and  the  0AUG,"  said 
Joshua  Greenbaum,  an  analyst  at 
Enterprise  Applications  Consulting 
in  Daly  City.  Calif.  “I  expect  Apps¬ 
World  to  be  as  much  of  a  customer 


lovefest  as  Oracle  can  muster.” 

Donna  Rosentrater,  an  0AUG 
board  member,  said  she  won't  be 
attending  AppsWorld.  But  she  said 
that  in  general,  she’s  looking  for 
Oracle  to  be  more  accessible  to 
users  and  to  do  a  better  job  of  ex¬ 
plaining  how  its  new  products  can 
help  meet  their  business  needs. 

To  address  such  concerns, 
Oracle  plans  to  emphasize  cus¬ 
tomer  success  stories  and  high¬ 
light  its  upgrade  assistance  pro¬ 
grams  and  technical  education  of¬ 
ferings  at  AppsWorld,  Studer  said. 

About  1,500  users  are  actively 
running  Hi-based  systems,  ac¬ 
cording  to  Studer.  Another  3,000 
are  implementing  the  software  or 
upgrading  to  it,  he  said.  But  fewer 
than  half  of  the  application  users 
that  make  up  Oracle’s  installed 
base  have  completed  upgrades 
thus  far. 

-  Marc  L.  Songini 
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How  can  you  connect  old 
systems  to  new?  Internal 
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What  is  .NET  connected 
software?  Get  the  answers 
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Storage  Bosses  Need 
Tools  to  Manage  Data 


Interoperability,  ease  of  programming 
most  important,  conference  attendees  say 


BY  LUCAS  MEARIAN 

PALM  DESERT,  CALIF. 

"nformation  technolo¬ 
gy  executives  and  stor¬ 
age  administrators  who 
say  they’re  dealing  with 
.an  explosion  of  data  con¬ 
tinue  to  buy  cheap 
disk  storage  to  deal 
with  the  overload. 

Problem  is,  that  ap¬ 
proach  will  force 


STORAGE 

NETWORKING 


mance  parameters  for  business 
units,  which  will  then  be 
charged  by  use,  they  added. 

“Right  now,  90%  of  storage 
is  still  direct-attached,”  said 
Steve  Duplessie,  an  analyst 
at  The  Enterprise  Storage 
Group  Inc.  in  Mil¬ 
ford,  Mass.  “We 
spent  a  lot  of  years 
spending  money 
on  IT  like  drunken 


IT  managers  to  hire  additional 
staffers  and  spend  more  than 
they  need  to  manage  their  or¬ 
ganizations’  data  effectively. 

In  response  to  these  chal¬ 
lenges,  IT  managers  attending 
Computerworld’ s  Storage  Net¬ 
working  World  conference 
here  last  week  said  that  they’re 
considering  using  emerging 
storage  resource  management 
tools. 

But  even  those  tools  have 
shortcomings,  including  a  lack 
of  adherence  with  industry 
standards,  as  well  as  interoper¬ 
ability  issues  and  a  dearth  of 
security  features.  Those  draw¬ 
backs  have  kept  many  IT  man¬ 
agers  from  taking  the  plunge. 

“There’s  an  insatiable  de¬ 
mand  on  IT  departments  to 
put  data  online,”  said  Michael 
Prince,  vice  president  and  CIO 
at  Burlington  Coat  Factory 
Warehouse  Corp.  in  Burling¬ 
ton,  N.J.  “We’ve  embraced 
every  bit  of  storage  technology 
in  terms  of  innovation  [that] 
we  could  over  the  past  few 
years  . . .  yet  the  complexity 
and  interoperability  issues  are 
huge  things.” 

However,  during  the  next 
fw  o  years,  intelligent  RAID  de¬ 
vices  and  software  will  enable 
IT  departments  to  provide 
p'rige  as  an  enterprisewide 
•  :  Pit v  that  can  be  centrally 
'  d  from  many  resources, 

■  c,  practitioners.  Stor- 
•  T  be  set  up  under  tem- 
a  pacify  and  perfor- 


WORLD 

sailors.  We  can’t  do  that  any¬ 
more.  It’s  just  not  reasonable 
to  think  we  can  still  scale  in  the 
same  order  of  magnitude.” 

Karl  Huff,  a  vice  president  at 
Northern  Trust  Corp.  in  Chica¬ 
go,  said  his  company  has  been 
trying  to  do  more  with  less  as 
its  data  storage  requirements 
have  exploded  from  1TB  of  ca¬ 
pacity  in  1999  to  more  than 
40TB  in  a  storage-area  net¬ 
work  (SAN)  today.  That  num¬ 
ber  is  expected  to  grow  to 
100TB  by  early  next  year. 

“At  that  growth  rate,  if  you 


don’t  have  management  sys¬ 
tems  in  place,  you’re  going  to 
have  trouble,”  said  Huff,  whose 
storage  administrators  had 
been  keeping  track  of  applica¬ 
tions  and  their  use  on  spread¬ 
sheets  —  something  that  be¬ 
came  far  too  complicated  over 
time. 

“If  a  switch  port  goes  out,  I 
don’t  know  who  to  call,”  said 
Huff,  who  is  rolling  out  storage 
management  software  from 
Scotts  Valley,  Calif.-based  In- 
terSAN  Inc. 

Over  the  past  two  years, 
Northern  Trust  has  been  build¬ 
ing  a  SAN  that  will  be  remotely 
mirrored  to  a  secondary  data 
center  about  90  miles  outside 
of  Chicago  by  year’s  end.  Cur¬ 
rently,  that  infrastructure  has 


“THERE’S  an  insatiable  demand” 
to  store  data  online,  says  Michael 
Prince,  Burlington  Coat’s  CIO. 


Bank  Centralizing  Storage  With  SAN 


Robert  Smalley,  senior  project  spe¬ 
cialist  at  the  Bank  of  Montreal  in 
Toronto,  said  his  company  is  in  the 
middle  of  converting  from  direct- 
attached  storage  to  a  SAN  to  con¬ 
solidate  its  more  than  300  servers 
across  three  data  centers. 

Smalley  estimated  the  bank  will 
spend  about  $20  million  over  the 
next  five  years  to  build  a  centrally 
managed,  shared-storage  infrastruc¬ 
ture.  So  far,  the  bank  has  laid  out 
its  Fibre  Channel  infrastructure  us¬ 
ing  a  64-port  director-class  switch, 
installed  a  125TB  tape  library  and 
recently  hooked  up  a  10TB  IBM  En¬ 
terprise  Storage  System  RAID  box. 

Still  missing  from  the  equation 


is  vendor  support  for  the  entire 
SAN  and  a  robust  set  of  storage  re¬ 
source  management  tools,  accord¬ 
ing  to  Smalley. 

“This  is  an  evolution,  not  a  revo¬ 
lution,”  he  said.  “We  want  the  ven¬ 
dors  to  listen  to  the  customer.  We 
want  interoperability  between  de¬ 
vices  and  [software]  tools.” 

However,  Smalley  said  that  the 
benefit  of  beginning  a  server  con¬ 
solidation  is  that  it  makes  more 
sense  than  continuing  to  pay  for 
dead-end  direct-attached  storage. 
As  he  put  it,  “The  risk  of  doing 
nothing  becomes  more  risky  than 
doing  something.” 

-  Lucas  Mearian 


to  be  managed  from  many  dif¬ 
ferent  consoles. 

The  return  on  investment 
for  purchasing  a  storage  man¬ 
agement  tool,  Huff  said,  lies  in 
having  a  Web-based  browser 
that  can  automatically  discov¬ 
er  his  entire  storage  infrastruc¬ 
ture  from  one  storage  adminis¬ 
trator’s  desktop  and  centrally 
manage  it  “without  the  [IT] 
help  desk  getting  involved.” 
That  can  help  cut  down  on 
help  desk  and  storage  support 
costs,  he  said. 

Other  IT  executives  said  it’s 
simply  cheaper  to  buy  more 


disk  storage  than  to  spend 
money  on  software  to  manage 
it  more  efficiently.  But  Dup¬ 
lessie  and  others  pointed  out 
that  the  storage  price  of  4  cents 
to  10  cents  per  megabyte 
doesn’t  include  the  manage¬ 
ment  and  maintenance  of 
those  disk  storage  systems, 
which  research  firms  estimate 
to  cost  six  to  10  times  as  much 
as  the  physical  disk.  ► 

For  more  information 
VyUlLiV  on  this  topic,  visit 
T  in1/A  our  Storage 
I  ill  U\V  Knowledge  Center: 

www.computerworld.com/q7k1700 


CTO:  The  Not-So-Popular,  Misunderstood  Title  Needs  Defining 


The  title  of  chief  technology  officer, 
though  used  by  nearly  10%  of 
Fortune  500  companies  in  the  U.S., 
has  yet  to  develop  into  a  clearly  de¬ 
fined  role,  according  to  one  New 
York  executive  management 
search  firm. 

And  if  the  CTO  title  ever  does 
gain  full  acceptance,  it  will  take  at 
least  10  years  for  that  to  occur  -  the 
same  amount  of  time  it  took  for  the 
CIO  title  to  be  embraced.  That’s  the 
assessment  of  IT  executives  polled 
on  the  topic  at  Computerworld’s 
Storage  Networking  World  confer¬ 
ence  last  week. 

John  Davis,  president  of  New 
York-based  executive  search  firm 
John  J.  Davis  &  Associates,  said 
the  CTO  role  continues  to  be 
defined  and  its  adoption  has  been 
slow  in  part  due  to  the  recession. 

The  issue,  Davis  says,  is  whether 


the  CTO  reports  “to  the  CIO,  or  vice 
versa?  Or  are  they  complementary 
positions?  Is  the  CTO  part  of  the  IT 
organization,  or  does 
the  CTO  have  a  super¬ 
numerary  role  that  re¬ 
ports  directly  to  the 
senior  management 
team?  We've  seen 
everything." 

Mike  Prince,  CIO  at 
Burlington  Coat  Facto 
ry  Warehouse,  agreed 
that  there’s  no  clear 
definition  of  what  a 
CTO  does.  Though 
Prince  said  he 
wouldn’t  hire  a  CTO 
now,  he  might  consider  creating  the 
position  someday,  more  as  a  retain- 
ment  incentive  to  a  good  manager 
than  as  a  necessary  job. 

“It  might  even  be  a  way  for  me  to 


HUFF  says  Northern’s 
new  CTO  is  a  CIO  in 
effect. 


semiretire  and  help  the  company 
move  forward  with  its  direction,” 
Prince  said. 

Karl  Huff,  a  vice 
president  at  Northern 
Trust,  said  his  compa¬ 
ny’s  CTO  is  its  first 
and  agreed  with 
Prince  that  the  title 
has  more  to  do  with 
politics  than 
necessity. 

“He’s  the  CIO, 
basically,"  Huff  said. 
“But  whether  a 
company  has  the  title 
or  not,  there  are  peo¬ 
ple  doing  the  job  - 
setting  the  technology  direction." 

Most  IT  executives  polled  at  the 
conference  agreed  that  the  CTO 
should  be  the  long-term  technology 
visionary  at  a  company,  concerned 


more  with  promoting  IT  projects 
than  with  business. 

Paul  Borrill,  CTO  at  Veritas  Soft¬ 
ware  Inc.  in  San  Jose,  said  the  CTO 
“is  not  important  for  things  that 
must  be  delivered  next  quarter"  but 
that  the  position  is  evolving  into 
an  important  role  for  promoting 
growth  through  the  use  of  technol¬ 
ogy  to  automate. 

Carry  Todd,  CTO  at  First  Advan¬ 
tage  Federal  Credit  Union  in  New¬ 
port  News,  Va.,  said  many  compa¬ 
nies  that  have  defined  the  CTO’s 
mission  mistakingly  make  it  that  of 
chief  technology  developer. 

“I  don’t  think  it’s  developing  as 
much  as  directing.  I  really  think  it’s 
understanding  the  business  and 
then  directing  the  technology  to 
it,”  Todd  said.  “It’s  about  forming 
the  relationship  with  the  business 
side,  where  it  then  becomes  own¬ 
ership.” 

-  Lucas  Mearian 
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Dell  Details  Its 
Newest  Servers... 


Dell  Computer  Corp.  announced 
several  servers,  including  its  first 
blade  server  and  a  pair  of  four- 
processor  systems  based  on  Intel 
Corp.’s  Xeon  MP  chips.  Along  with 
the  hardware,  Dell  introduced  serv¬ 
er  management  software  that  sup¬ 
ports  remote  systems  deployment 
and  said  it’s  jointly  developing  Infini¬ 
Band-based  server  interconnect 
technology  with  Microsoft  Corp. 

. . .  With  Q1  Revenue 
Better  Than  Expected 

Dell  also  said  it  expects  to  meet  its 
fiscal  first-quarter  earnings  projec¬ 
tions  on  better-than-expected  rev¬ 
enue,  although  business  in  the  quar¬ 
ter  ending  May  3  likely  will  still  be 
down  slightly  from  the  year-earlier 
level  of  S8  billion.  The  company  said 
first-quarter  revenue  should  total 
about  S7.9  billion,  compared  with 
earlier  estimates  that  sales  might  be 
as  low  as  S7.7  billion. 

SWIFT  Drops  Net  Deal 
With  Global  Crossing 

The  Belgium-based  Society  of 
Worldwide  Interbank  Financial 
Telecommunications  (SWIFT)  ended 
an  exclusive  network  services  deal 
with  Hamilton,  Bermuda-based 
Global  Crossing  Holdings  Ltd., 
which  is  in  bankruptcy  proceedings. 
SWIFT,  a  global  cooperative  that 
clears  money  transfers  between 
banks,  said  it’s  taking  back  owner¬ 
ship  of  its  X.25  and  IP  networks. 

Short  Takes 

San  Jose-based  EBAY  INC.  said  it 
fixed  a  security  hole  that  could  have 
let  attackers  change  passwords  be¬ 
longing  to  users  of  its  Web  site. . . . 
Brampton,  Ontario-based  NORTEL 
'  LKS  CORP.  dropped  four 
u*tent  infringement  claims  against 
San  Jose-based  ONI  SYSTEMS 
but  said  it  will  continue  to 
pursue  a  fifth  charge. 
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Wartime  CIOs  Alter 
Security  Strategies 

Sept.  11  has  taught  federal  IT  leaders  lessons 
on  the  value  of  security,  continuity  planning 


BY  DAN  VERTON 

NEWPORT.  R.l. 

nformation  technolo¬ 
gy  managers  at  U.S.  fed¬ 
eral  government  agen¬ 
cies  are  applying  the 
lessons  learned  from  the 
Sept.  11  attacks  to  improve 
planning  for  continuity  of  op¬ 
erations  during  possible  major 
IT  disasters  in  the  future. 

Speaking  here  last  week  at 
the  annual  meeting  of  the 
Tiverton,  R.I.-based  National 
High  Performance 
Computing  and  Com¬ 
munications  Council, 
a  group  of  five  federal 
CIOs  and  senior  IT 
executives  said  IT  security  and 
its  role  in  continuity  of  opera¬ 
tions  has  taken  on  heightened 
importance  since  Sept.  11. 

There’s  an  increased  empha¬ 
sis  at  federal  agencies  to  make 
operational  continuity  plans 
“living  documents,”  said  San¬ 
dra  Bates,  commissioner  of  the 
Federal  Technology  Service. 

The  U.S.  Department  of  La¬ 
bor,  which  manages  employ¬ 
ment  and  unemployment  ben¬ 


efits  for  millions  of  Ameri¬ 
cans,  lost  two  offices  and  its 
inspector  general  in  the  at¬ 
tacks  on  the  World  Trade  Cen¬ 
ter  and  was  forced  to  put  its 
disaster  recovery  plan  into  ac¬ 
tion  without  ever  having  re¬ 
hearsed  it,  said  Laura  Calla¬ 
han,  the  agency’s  CIO. 

One  of  the  most  important 
lessons  to  come  out  of  that  ex¬ 
perience,  she  said,  is  the  need  to 
plot  a  well-conceived  commu¬ 
nications  strategy  in  advance. 

“We  couldn’t  talk  to 
each  other,”  said  Calla¬ 
han,  because  of  cell 
phone  overload  prob¬ 
lems  and  a  four-hour 
“dark”  period  during  which  the 
agency  shut  down  its  networks 
to  assess  the  damage. 

Since  the  terrorist  attacks, 
the  agency  has  also  moved  to 
deputize  its  workers  and  cre¬ 
ate  what  Callahan  calls  a 
“neighborhood  watch”  pro¬ 
gram,  through  which  they  can 
report  anything  that  doesn’t 
seem  right  to  them. 

The  Department  of  the  Inte¬ 
rior  is  also  working  on  devel¬ 


oping  reporting  procedures 
for  managing  any  future  disas¬ 
ters  and  is  focusing  on  inte¬ 
grating  security  and  business 
continuity  operations  into  its 
capital  planning  process,  Cal¬ 
lahan  said. 

“We  don’t  do  capital  planning 
with  an  understanding  of  the 
risk,”  said  Daryl  White,  CIO  at 
the  Interior  Department.  “We 
do  it  after  the  fact.  We  have  to 
get  away  from  that  mentality.” 

To  break  away  from  that  ap¬ 
proach,  network  architecture 
specialists  at  the  agency  are 
now  being  brought  into  the 
thick  of  the  security  planning 
process  at  the  agency,  said 
White. 

In  the  Works 

Lee  Holcomb,  CIO  at  NASA, 
said  agencies  and  private  com¬ 
panies  “need  to  architect  net¬ 
works  to  isolate  mission-criti¬ 
cal  systems.” 

One  such  plan  that  is  cur¬ 
rently  being  studied  at  NASA 
is  the  use  of  security  “honey- 
pots,”  or  decoy  systems,  to  di¬ 
vert  attackers  away  from  sensi¬ 
tive  operational  systems,  said 
Holcomb. 

Sallie  McDonald,  assistant 
commissioner  for  the  Office 
of  Information  Assurance  and 


Federal  Security 
Programs  to  Watch 

Program:  Patch  Authentication 
and  Dissemination  Capability 
Time  frame:  Task  order  awarded 
in  March  to  Science  Applications 
International  Corp. 

Goal:  To  automate  dissemination  of 
software  patches  as  soon  as  they 
are  available. 

Program:  Security  Toolkit 
Time  frame:  2003 
Goal:  To  combine  various  security 
services  into  a  suite  of  products  avail¬ 
able  for  free  to  all  federal  agencies. 

Program:  Data  Analysis 
Capability 

Time  frame:  Pilot  2002;  full 
capability  2003 

Goal:  To  obtain  automated,  cus¬ 
tomized  incident-handling  and 
analysis  of  vulnerabilities. 


Critical  Infrastructure  Protec¬ 
tion  at  the  General  Services 
Administration,  said  there  are 
also  several  security  programs 
in  the  works  that  are  designed 
to  improve  everything  from 
patch  management  to  secure 
collaboration  and  vulnerability 
analysis  (see  box). 

“We’re  trying  to  develop  a 
culture  of  security  in  federal 
civilian  agencies,”  McDonald 
said.  ► 

MORE  HIS  ISSUE 

For  more  on  how  businesses  can  prepare 
for  potential  cyberattacks,  see  page  30. 


SEC 

URITY 

WA 

TCH 

Federal  Agency  Faces  Judicial  Ultimatum 


Government  CIOs  are  facing  a  new 
denial-of-service  attack  threat:  the 
federal  judicial  system. 

When  asked  if  the  Sept.  11  terror¬ 
ist  attacks  had  a  significant  impact 
on  how  his  agency  conducts  IT  se¬ 
curity  planning.  Department  of  the 
Interior  CIO  Daryl  White  said  no. 
However,  an  unusual  type  of  denial- 
of-service  attack  launched  against 
his  agency  on  Dec.  5  did  create 
havoc,  he  said. 

On  that  date,  U.S.  District  Judge 
Royce  Lamberth  ordered  the  agency 
to  shut  down  all  of  its  Internet  con¬ 
nections,  after  hackers  from  New 
York-based  security  firm  Predictive 


Systems  Inc.  compromised  the 
Bureau  of  Indian  Affairs’  $40  million 
trust  accounting  system. 

“Our  COOP  had  flown,”  said 
White,  referring  to  the  agency’s 
continuity  of  operations  plan. 

Since  then,  about  90%  of  the 
agency’s  divisions  have  been  allowed 
back  online  after  having  shown  that 
they  don’t  contain  gaps  or  informa¬ 
tion  related  to  the  trust  fund. 

But  the  Interior  Department  has 
been  nearly  crippled  by  the  court 
order,  said  White. 

The  decision  amounted  to  a 
“judicially  directed  denial-of-service 
attack,”  said  White,  citing  the  loss 


of  the  agency’s  e-mail  capabilities 
and  interactive  Web  presence. 

"We  did  not  realize  that  it  could  be 
done  through  the  courts.  We’re  still 
suffering  from  a  dose  of  reality.” 

Part  of  that  reality  includes  be¬ 
ing  forced  to  revert  back  to  paper- 
based  processes  at  a  time  when 
the  entire  federal  government  is 
facing  an  October  2003  congres- 
sionally  mandated  deadline  to  au¬ 
tomate  business  processes. 

“Our  decision  times  and  cycle 
times  have  really  suffered,"  White 
noted. 

As  a  result  of  the  security  audit, 
the  Interior  Department  is  being 
forced  to  establish  clear  policies 
and  procedures  so  that  incident  re¬ 
sponse  and  recovery  “become  re¬ 


peatable  events,”  he  said. 

Although  critics  have  accused 
the  agency  of  not  being  able  to 
deploy  and  manage  security  tech¬ 
nologies  to  prevent  problems  from 
occurring.  White  is  now  taking 
steps  to  improve  data  manage¬ 
ment  and  the  agency's  secure 
architecture. 

“IT  security  is  a  question 
of  accountability,”  said  White. 

“You  can’t  hold  firewalls  account¬ 
able.  You  can  only  hold  people 
accountable." 

-  Dan  Verton 


To  read  about  the  ongoing  problems 
posed  by  denial-of-service  attacks, 

see  page  8. 


Regional  Floral  Network,  February  14 


Continued  from  page  1 

VAN  Spat 

“There’s  always  more  than 
one  way  to  skin  a  cat,  and 
maybe  these  bigger  [VANs] 
will  discover  they’re  not  as 
important  as  they  thought  they 
were,”  he  said.  “If  this  was  a 
power  play,  it  didn’t  work.” 

But  Ken  Vollmer,  an  analyst 
at  Giga  Information  Group  Inc. 
in  Cambridge,  Mass.,  said  ICC 
may  not  be  able  to  absorb  the 
extra  fees  indefinitely.  “They 
can  only  afford  to  eat  those 
charges  for  so  long,”  he  said. 

Gregory  Onjack,  data  inter¬ 
change  e-commerce  adminis¬ 
trator  at  Mack  Trucks  Inc.  in 
Allentown,  Pa.,  said  VAN  users 
need  assurances  that  they 
won’t  be  subject  to  these  kinds 
of  unexpected  changes.  He 
pointed  out  that  telecommuni¬ 
cations  firms  can’t  randomly 
disconnect  from  one  another. 

Onjack  said  Mack  Trucks 
has  200  suppliers  on  Sterling’s 
network  and  more  than  350  on 
GXS’s  VAN.  Mack  used  to  be  a 
GXS  customer,  but  he  said  it 
switched  early  last  year  be¬ 
cause  ICC’s  prices  were  70% 
lower  than  the  $20, 000-plus 
monthly  fee  it  paid  to  GXS. 

Now,  Onjack  said,  both  GXS 
and  Sterling  have  offered  to 
meet  ICC’s  price  if  Mack  shifts 
to  their  networks.  “To  me,  this 
is  a  terrible  business  practice,” 
he  said.  “I  call  it  price  fixing.” 

Russell  Stultz,  president  and 
CEO  of  Wordware  Publishing 


AT  A  GLANCE 


New  Plans 
For  VAN 

Some  of  the  changes  EDI  net¬ 
work  operators  have  made  to 
handle  Internet  transactions: 

«  Some  VANs  use  simpler  communications 
standards  like  file  transfer  protocol  and  off- 
:  tie-shelf  messaging  middleware  rather 
ion  proprietary  EDI  links. 

t'.vork  operators  can  offer  HTTP  or  https 
■  .g  on  level  of  security  users  want. 

Vs  now  provide  Web-based 
(transaction  information. 

■  '  "h  dropped  kilocharacter 
■  '..  ‘.ge -based  pricing  in  favor 

•V  Mutual  license  fees. 
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Looking  for  Plan  B 

Devon  Johnson,  EDI  manager  at 
frozen  dough  manufacturer  Rhodes 
International  Inc.  in  Salt  Lake  City, 
says  about  half  of  his  EDI  traffic 
comes  through  the  Sterling  Com¬ 
merce  value-added  network  (VAN). 

In  October,  Rhodes  switched  from 
Sterling  to  ICC  with  the  hope  of  reap¬ 
ing  deep  savings  in  its  VAN  charges. 


So  when  Sterling  disclosed  to  cus¬ 
tomers  that  it  would  disconnect  from 
New  York-based  ICC,  Johnson  began 
setting  up  an  account  with  E-Com 
Systems  Inc.  in  Hamilton,  Bermuda, 
as  his  backup.  “Although  we  don’t  ex¬ 
pect  this  to  cost  a  great  deal  finan¬ 
cially,  it  is  taking  a  lot  of  our  time  to 
take  a  precaution  that  shouldn’t  be 
necessary,”  he  said. 

Frank  Kenney,  an  analyst  at  Gart¬ 
ner  Inc.  in  Stamford,  Conn.,  warned 


that  part  of  the  cost  of  doing  busi¬ 
ness  in  the  VAN  world  is  that  continu¬ 
ity  of  service  isn’t  guaranteed. 

"As  fat-cattish  as  these  [estab¬ 
lished]  companies  seem  to  be, 
they've  invested  millions  upon 
millions  upon  hundreds  of  millions  in 
their  infrastructure,”  he  said.  ‘They’re 
not  a  public  utility.” 

Kenney  added  that  users  need 
to  be  aware  of  the  state  of  the  VAN 
industry.  Peregrine  Systems  Inc.  in 


San  Diego  is  selling  its  40,000- 
customer  e-commerce  unit,  which 
could  affect  its  interconnects. 

If  intra-industry  tussles  are  too 
distracting,  Kenney  suggested 
that  enterprise  portals  and  private 
and  public  e-marketplaces  offer  an 
alternative. 

“People  may  say,  ‘Hey,  I’m  going 
to  start  doing  this  myself,' "  he  said. 
“The  technology's  out  there.” 

-  Michael  Meehan 


Inc.  in  Plano,  Texas,  said  that 
he  also  was  contacted  by  Ster¬ 
ling  shortly  after  it  informed 
customers  in  January  that  it 
would  disconnect  from  ICC. 

“The  timing  seemed  to  im¬ 
ply  that  if  we  didn’t  switch, 
we’d  no  longer  be  able  to  trade 
with  Borders  and  Walden- 
books  via  EDI,”  he  said. 


A  GXS  spokesman  denied 
that  the  company’s  decision  to 
sever  its  connection  to  ICC’s 
network  was  a  case  of  corpo¬ 
rate  bullying.  He  also  denied 
that  GXS  is  engaging  in  any 
price  fixing,  saying  that  its  of¬ 
fers  to  prospective  customers 
“are  made  unilaterally,  based 
upon  our  own  information.” 


Sterling  declined  specific 
comment  but  said  it  has  “an  ac¬ 
tive  plan  to  enable  customers 
affected  by”  the  termination  of 
its  link  to  ICC’s  network. 

ICC  CEO  Mike  Cassidy  ac¬ 
knowledged  that  the  discon¬ 
nects  will  prevent  the  company 
from  meeting  its  goal  of  be¬ 
coming  profitable  this  month. 


But  he  said  ICC  will  survive  the 
spats  with  Sterling  and  GXS. 

Other  new  VANs  haven’t 
faced  the  same  kinds  of  prob¬ 
lems,  Vollmer  said.  “There’s 
something  going  on  [with 
ICC]  that  we  don’t  know,” 
Vollmer  said.  “I’m  sure  at  some 
point  there’ll  be  lawsuits  flying 
around,  and  we’ll  find  out.”  I 


Continued  from  page  1 

VOIP 

one  network  that’s  going  to 
handle  both  voice  and  data,” 
said  Mark  Katsourous,  commu¬ 
nication  automation  specialist 
at  the  University  of  Maryland 
in  College  Park.  “We’re  talking 
a  major  forklift  upgrade.” 

The  university  has  installed 
VOIP  phones  made  by  Basking 
Ridge,  N.J. -based  Avaya  Inc.  in 
some  of  its  dormitories  and  re¬ 
mote  locations.  But  to  do  a 
wider  rollout,  Katsourous  said, 
he  would  first  need  to  install 
new  routers  that  could  guaran¬ 
tee  voice  quality  and  backup 
power  for  the  voice  devices. 

“There  is  no  such  thing  as  a 
quick  voice  over  IP  implemen¬ 
tation,”  said  Zeus  Kerravala,  an 
analyst  at  The  Yankee  Group  in 
Boston.  He  said  one  of  the  chief 
limiting  factors  is  that  a  wide- 
area  network  using  a  T3  carrier 
line  “is  only  one-half  the  speed 
of  a  typical  LAN,”  which  is  the 
bandwidth  VOIP  requires. 

St.  Michael’s  Hospital  in 
Toronto  recently  boosted  band¬ 
width  from  3M  to  40M  bit/sec. 
on  its  LAN  and  20M  bit/sec.  on 
its  WAN.  “I  wouldn’t  have  en¬ 
tertained  voice  over  IP  on  our 
previous  network,”  said  CIO 
John  Wegener. 


Like  other  users,  St.  Mi¬ 
chael’s  is  using  a  VOIP/private 
branch  exchange  (PBX)  con¬ 
vergence  tool  as  it  transitions 
to  Internet  telephony.  Wegener 
stressed  the  importance  of 
getting  VOIP,  telecommunica¬ 
tions  and  network  vendors  on 
the  same  page  before  starting  a 
major  project. 

“You  really  need  all  three  of 
them  around  the  table  if  you 
want  to  get  things  resolved,”  he 
said.  “You  need  to  lay  out 
who’s  responsible  for  what 
from  the  start,  because  it  never 
goes  100%  smooth.” 

More  customers  will  likely 
be  calling  those  powwows  in 
coming  years,  according  to 
Kerravala.  He  said  that  while 
over-all  demand  for  phone  sys¬ 
tems  likely  will  be  down  slight¬ 
ly  this  year,  Yankee  Group  ex¬ 
pects  VOIP’s  share  of  the  mar¬ 
ket  for  new  installations  to  rise 
from  10%  in  2001  to  25%. 

The  city  of  Houston  last 
month  began  work  on  what  it 
says  will  be  the  largest  VOIP 
deployment  by  any  govern¬ 
ment  body  in  the  U.S.  to  date, 
linking  25,000  phones  in  a  $15.7 
million,  18-month  project. 

Denny  Piper,  the  city’s  CIO, 
admitted  that  it  won’t  be  easy. 
“We’re  going  to  find  some 
holes  in  our  network,  but  we 
would  have  had  those  anyway,” 
he  said.  “That  you  might  run 


into  problems  is  not  justifica¬ 
tion  for  not  doing  it.” 

Houston’s  municipal  gov¬ 
ernment  currently  operates  47 
PBX  phone  systems  and  43 
separate  voice-mail  systems.  It 
has  spent  the  past  five  years  in¬ 
stalling  a  Cisco  Systems  Inc. 
network  and  will  also  use  Cis¬ 
co  as  its  VOIP  vendor. 

But  even  with  a  single  ven¬ 
dor,  there  are  costly  redun¬ 
dancy  and  quality-of-service 
issues,  Piper  said.  “We’re  look¬ 
ing  at  another  $2.2  million  in 
incremental  network  upgrades 
over  the  next  year,”  he  added. 


Steve  Leaden,  president  of 
telecommunications  and  net¬ 
working  consulting  firm  Lead¬ 
en  Associates  Inc.  in  Washing- 
tonville,  N.Y.,  said  he  believes 
that  protracted  VOIP  imple¬ 
mentations  will  prove  a  major 
challenge  for  IT  executives. 

“Every  IT  department  I  talk 
to  that’s  doing  this,  these  guys 
are  on  total  overwhelm,”  Lead¬ 
en  said. I 

Users  are  looking  for 
yV^.  -I  better  monitoring  of 

Linkil  VOIP  networks: 


www.computerworld.com/q?28672 


Network  Needs 

Users  considering  VOIP  installations  should  check  these  items 
to  make  sure  their  networks  are  ready  for  the  technology: 

■  Measure  and  characterize  end-to-end  delays  and  packet  loss 
for  IP  telephony  across  your  network. 

■  Companies  with  slower  networks  or  nets  running  near 

i  capacity,  make  sure  wiring  closets  recognize  the  802.1P  protocol 

;  for  traffic  prioritization  at  Layer  2. 

O  — . .  -  -  - 

o  ■  Your  core  data  network  must  be  able  to  prioritize  packets  at 
|  Layer  3. 

<  . . . 

“  ■  Determine  WAN  use,  preferably  no  more  than  85%  at  peak 
P  traffic  times. 

£  ■  Identify  your  low-speed  links  (under  256K);  these  may  degrade 
*  voice  quality. 

uj  - — -  ■  ■  ■  . . . . 

^  ■  Probe  for  network  trouble  spots  (dropped  packets,  queue 
g  exhaustion,  ingress/egress  interference,  CPU  use). 

z  - - - 

B  ■  Determine  whether  you  need  to  add  redundant  power  supplies 
|  to  ensure  reliability. 

<o  _ _ 


Online  Gift  Retailer,  October  24 


Online  Gift  Retailer,  December  24 


Satellite  Radio  Operators 
Claim  Wireless  Interference 


Start-ups  ask  FCC  to  restrict  emissions 
from  Wi-Fi  networks ,  Bluetooth  devices 


BY  BOB  BREWIN 

wo  start-up  satel¬ 
lite  radio  opera¬ 
tors  are  asking  the 
Federal  Commu¬ 
nications  Com¬ 
mission  to  sharply  limit  emis¬ 
sions  from  wireless  LANs, 
Bluetooth  short-range  wireless 
devices  and  fixed  wireless  sys¬ 
tems  that  operate  in  an  unli¬ 
censed  band  adjacent  to  the 
spectrum  they  have  licensed. 

The  rival  radio  ventures  — 
New  York-based  Sirius  Satel¬ 
lite  Radio  Inc.  and  Washing- 
ton-based  XM  Satellite  Radio 
Inc.  —  argue  that  the  FCC’s 
rules  are  designed  to  prevent 


unlicensed  systems  from  inter¬ 
fering  with  licensed  ones.  But 
wireless  LAN  operators  con¬ 
tend  that  they  don’t  cause  un¬ 
due  interference. 

The  confrontation 
bubbled  out  of  regu¬ 
latory  obscurity  late 
last  month,  when 
FCC  Chairman  Michael  Powell 
told  attendees  at  the  PC  Forum 
2002  conference  in  Scottsdale, 
Ariz.,  that  he  wanted  to  hear 
their  comments  on  the  issue. 

In  a  Jan.  23  filing,  Sirius  asked 
the  FCC  to  restrict  the  power 
of  unlicensed  wireless  systems 
operating  in  the  2.4-GHz  band. 
Sirius  said  in  its  petition  that 


out-of-band  emissions  from 
devices  such  as  802.11b  Wi-Fi 
wireless  LANs  “seriously 
threatened”  deployment  of  the 
fee-based  radio  systems  that  it 
and  XM  have  spent  a  total  of  $3 
billion  to  develop. 

The  alleged  interference 
problems  with  the  2.3-GHz 
band  used  by  the  ra¬ 
dio  operators  could 
be  resolved  by  in¬ 
stalling  filtering 
technology  on  Wi-Fi 
and  Bluetooth  devices,  Sirius 
claimed.  An  XM  spokesman 
agreed,  saying  that  filters 
could  be  added  by  wireless  de¬ 
vice  makers  at  “a  modest  cost.” 

But  Guy  Hamblen,  a  manag¬ 
er  in  the  wireless  telecommu¬ 
nications  group  at  United  Par¬ 
cel  Service  Inc.  in  Atlanta, 
characterized  the  Sirius  peti¬ 


tion  as  a  case  of  “asking  for  the 
moon  and  negotiating  down 
from  there.”  UPS  is  in  the 
process  of  deploying  some  of 
the  world’s  largest  wireless 
LAN  and  Bluetooth  networks. 

Hamblen  said  any  potential 
interference  between  Wi-Fi 
devices  and  satellite  radios  is 
close  to  immeasurable.  “At  a 
distance  of  anything  more  than 
100  feet,  the  interference  is  in¬ 
finitesimal,”  he  said.  But  Blue¬ 
tooth  systems  that  link  cord¬ 
less  headsets  and  cell  phones 
in  cars  that  are  equipped  with 
satellite  radios  may  be  a  bigger 
concern,  Hamblen  said. 

If  approved,  the  Sirius  peti¬ 
tion  would  “severely  hinder” 
users  of  the  unlicensed  spec¬ 
trum,  said  Andrew  Kreig,  pres¬ 
ident  of  the  Wireless  Commu¬ 
nications  Association  Interna- 
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Campbell  Looks  to  Link 
Applications  on  Intranet 


New  portal  eyed  as 
single  source  of 
data  for  end  users 


BY  JENNIFER  DlSABATINO 

Campbell  Soup  Co.  has  a  mul¬ 
titude  of  intranet  sites  from 
which  its  sales  force  and  other 
employees  can  get  informa¬ 
tion,  but  many  of  them  are  nev¬ 
er  used.  Joe  Brand  is  trying  to 
change  that. 

Brand,  director  of  enterprise 
architecture  at  the  Camden, 
N.J.-based  food  company,  is 
overseeing  the  creation  of  a 
Web-based  corporate  portal 
that’s  designed  to  eventually 
serve  as  a  single  source  of  data 
cm  ployees  at  Campbell’s  op- 
-T,11  ons  around  the  world  and 
.  of  its  business  partners. 
Fbe  portal  is  being  run  in  pi¬ 


lot  mode  now  and  is  scheduled 
to  go  live  May  18.  Brand  said 
the  initial  version  will  feature 
typical  portal  fodder:  human 
resources  applications. 

But  Brand  added  that  the 
portal,  which  is  based  on  IBM 
software  and  is  being  devel¬ 
oped  through  an  IT  services 
contract  with  IBM,  has  an  in¬ 
frastructure  that  should  let 
Campbell  rapidly  bring  its  oth¬ 
er  applications  and  databases 
online. 

Increased  Productivity 

The  next  applications  to  be 
tied  to  the  portal  will  be  sales 
force  automation  tools.  Camp¬ 
bell  also  plans  to  add  business 
processes,  such  as  its  online 
procurement  activities. 

Brand  wouldn’t  disclose  the 
cost  of  the  project.  But  he  said 
company  officials  expect  the 
portal  to  increase  productivity 


Portal  Services 

Details  about  IBM’s  new 
corporate  portal  offering: 


KEY  TECHNOLOGIES 


■  WebSphere  portal  and  applica¬ 
tion  server  software 

■  Lotus  Domino,  Sametime  and 
QuickPlace  applications 

■  Tivoli  security  management 
tools 

■  DB2  Universal  Database 


TARGETED  USES 


■  Consolidation  of  multiple 
intranets  into  a  single  portal 

■  Employee  and  customer  self- 
service  applications 

■  Online  collaboration  and 
increased  mobile  support 

■  Web-based  corporate  training 


by  reducing  the  amount  of 
time  employees  spend  search¬ 
ing  for  information. 

The  portal  includes  e-mail, 
conferencing,  instant  messag¬ 
ing  and  collaboration  tools  de¬ 
veloped  by  IBM’s  Lotus  Soft¬ 


ware  Group,  plus  other  IBM 
technologies.  IBM  announced 
late  last  month  that  Campbell 
was  the  first  customer  of  a  new 
Dynamic  Workplaces  IT  ser¬ 
vices  offering  that  utilizes  the 
various  products  (see  chart). 

Campbell  was  already  using 
Lotus  Notes,  but  Brand  said 
that  wasn’t  the  key  to  its  deci¬ 
sion  to  go  with  IBM  on  the  por¬ 
tal  project.  He  said  the  big  sell¬ 
ing  point  was  IBM’s  plan  to  add 
support  for  Java  2  Enterprise 
Edition  in  new  versions  of  Lo¬ 
tus’  products,  a  strategy  that 
was  announced  in  January. 

“We  wanted  a  development 
platform  that  adhered  to  in¬ 
dustry  standards,”  Brand  said. 

Portals  such  as  the  one  at 
Campbell  have  to  be  able  to  se¬ 
curely  manage  end-user  iden¬ 
tities  within  a  directory,  said 
Michele  Rubenstein,  a  security 
consultant  and  a  director  of 
the  messaging  forum  at  The 
Open  Group  in  Menlo  Park, 
Calif.  “You  have  to  define  per¬ 
missions  and  rules,”  she  said.  ► 


Reporter  Todd  R.  Weiss 
contributed  to  this  report. 


tional,  a  Washington-based 
trade  group  that  represents 
fixed  wireless  companies.  He 
predicted  a  “battle  royal”  over 
the  issue  before  the  FCC. 

Michael  Murphy,  director  of 
support  services  at  the  Carlson 
Hospitality  division  of  Min¬ 
neapolis-based  Carlson  Com¬ 
panies  Inc.,  said  the  spectrum 
battle  is  low  on  his  list  of  wire¬ 
less  LAN  priorities.  “I  have  a  lot 
of  other  things  I  need  to  focus 
on,  like  security  and  encryp¬ 
tion,”  Murphy  said,  noting  that 
the  tiff  won’t  affect  ongoing 
wireless  projects  at  Carlson.  > 


Satellite  Radio 
Irks  Broadband 
Companies 

While  satellite  radio  operators 
are  complaining  about  Wi-Fi 
and  Bluetooth  systems,  several 
wireless  broadband  service 
providers  last  month  filed 
claims  with  the  FCC  charging 
that  their  networks  are  being 
interfered  with  by  the  radio  sys¬ 
tems,  particularly  those  run  by 
XM  Satellite  Radio. 

The  broadband  suppliers 
told  the  FCC  that  terrestrial  re¬ 
peaters  operated  by  the  satel¬ 
lite  radio  companies  will  cause 
“devastating”  interference  to 
their  own  operations  within  the 
2.3-GHz  band.  The  claims  were 
filed  by  WorldCom  Inc.,  Bell¬ 
South  Corp.,  BeamReach  Net¬ 
works  Inc.  and  the  Wireless 
Communications  Association 
International  trade  group. 

XM  Satellite  operates  about 
900  terrestrial  repeaters,  while 
Sirius  Satellite  Radio  currently 
has  about  100  of  the  devices, 
which  are  designed  to  fill  cov¬ 
erage  gaps  in  their  services 
within  U.S.  cities.  The  FCC  has 
allowed  the  repeaters  to  be 
used  on  a  temporary  basis. 

An  XM  spokesman  said  the 
company  could  resolve  any  in¬ 
terference  problems  with  wire¬ 
less  broadband  systems  by 
adopting  filtering  technology, 
much  as  it  has  suggested  wire¬ 
less  LAN  manufacturers  do  to 
prevent  their  systems  from  in¬ 
terfering  with  satellite  radio  re¬ 
ceivers. 

-  Bob  Brewin 


Internet  Tax  Prep  Service,  September  14 


Internet  Tax  Prep  Service,  April  14 


HP  Blade  servers  are  here. 

The  most  flexible  way  to 
manage  your  infrastructure. 

Radical  simplicity.  Extraordinary  flexibility.  HP  Blade  servers  are  about 
to  forever  change  the  way  you  look  at,  manage  and,  yes,  even  maneuver 
through  your  data  center. 

They  are  complete,  ultra-dense  servers  on  single  modular  cards— including 
processor,  memory  and  all  network  connections— that  come  with  a  choice  of 
Linux,  Windows'  or  HP-UX. 

Easier  to  manage  and  maintain. 

This  elegant,  standards-based  design  allows  you  to  easily  combine  server, 
storage,  networking,  appliance  and  management  blades  in  the  same  38-slot 
chassis,  then  reconfigure  on  the  fly  to  handle  expanding  or  contracting  workloads. 

Each  blade  connects  to  the  network  infrastructure  already  embedded  in  the 
chassis,  dramatically  cutting  the  number  of  cables  needed.  With  far  fewer  cables 
to  fuss  with,  they're  far  easier  to  manage  and  maintain  than  conventional  servers. 
Even  management  is  shared.  Which  means  all  38  blades  can  be  viewed  and 
monitored  as  a  single  system. 

More  efficient  and  reliable. 

Since  all  blades  in  the  chassis  share  the  same  power  and  cooling  source, 
they're  also  more  energy  and  space  efficient.  In  fact,  you'll  find  HP  Blade  servers 
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reduce  the  typical  number  of  fans  and  power  supplies 
required  by  as  much  as  60%. 

The  reliability  advantages  of  moving  to  blades 
are  profound.  To  give  you  some  perspective,  imagine 
building  a  server  cluster  solution  that  is  comparable  to 
a  fully  loaded  HP  Blade  server  cabinet.  The  projected 
annual  failure  rate  of  the  HP  Blade  server  solution  is 
about  41%  lower  than  that  of  the  comparable  server  cluster. 

In  the  unlikely  event  that  a  blade  should  fail,  the  problem  is  isolated  in  the 
same  way  that  multiple  systems  connected  by  I/O  are  isolated  from  each  other. 

Is  your  server  as  sharp  as  a  blade? 

Servicing  a  blade  is  as  easy  as  deploying  one.  Each  blade  is  freely  accessible 
from  both  the  front  and  rear  of  the  cabinet  and  can  thus  be  replaced  at  a  moments 
notice.  Each  slot  can  be  powered  on  or  off  separately.  Hot-swap  and  hot-plug 
technology  is  implemented  throughout,  allowing  for  the  seamless  addition  or 
replacement  of  blades  while  the  rest  of  your  infrastructure  continues  to  hum. 

We  invite  you  to  read  our  technical  white  paper  on  HP  Blade  servers. 
Or,  better  yet,  talk  directly  with  one  of  our  infrastructure  specialists  to  find 
out  more  about  how  HP  Blade  servers  can  change  the 
face  of  your  business.  Give  us  a  call  at  1.800.HPASKME, 
extension  246.  Or  visit  www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you.  invent 
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HP  Names  Execs  to 
Postmerger  Roles 

Hewlett-Packard  Co.  named  150  ex¬ 
ecutives  to  handle  senior  manage¬ 
ment  jobs  if  its  proposed  acquisition 
of  Compaq  Computer  Corp.  occurs. 
HP,  which  is  awaiting  formal  ap¬ 
proval  of  the  deal  by  its  sharehold¬ 
ers  following  a  vote  last  month,  said 
the  appointments  would  include 
business  and  sales  executives  from 
its  operations  and  those  of  Compaq. 

WorldCom  Cuts  Jobs 
At  Coprate  Unit 

WorldCom  Inc.  said  it’s  laying  off 
6%  of  the  workers  at  its  WorldCom 
Group  unit,  which  offers  data,  In¬ 
ternet  and  voice  communication 
services  to  corporate  users.  The 
3,700-person  cutback  is  being  done 
to  better  align  costs  with  a  reduced 
revenue  outlook  that  was  announced 
in  February,  WorldCom  said.  The 
layoffs  reduce  the  company’s  total 
workforce  by  4%. 

Microsoft  Asks  Judge 
To  Reconsider  Ruling 

Microsoft  Corp.  asked  a  U.S.  District 
Court  judge  in  Seattle  to  reconsider 
a  March  15  ruling  that  allows  San 
Diego-based  Lindows.com  Inc.  to 
continue  selling  its  Lindows  operat¬ 
ing  system.  Microsoft,  which  is  suing 
Lindows.com  for  allegedly  infringing 
on  its  copyrights,  said  the  judge 
asked  the  wrong  questions  while 
considering  its  injunction  request. 

Short  Takes 

AT&T  CORP.  and  London-based 
BRITISH  TELECOMMUNICATIONS 
■  completed  the  dissolution  of 
their  CONCERT  COMMUNICATIONS 
C  joint  venture  and  took  back 
individual  control  of  its  assets. . . . 
in  a  siock-swap  deal,  New  York- 
:  ised  security  consulting  firm 
iC.  agreed  to  buy  ON- 
:tv  ERNATIONAL  INC., 
\  Minn. -based  maker 
of  :.j!a  recovery  software. 


NEWSINDUSTRY 


Low  IT  Budgets  Hurting 
Many  Software  Vendors 

Parade  of  companies  says  first-quarter 

results  will  be  below  expectations 


BY  TODD  R.  WEISS 

HE  recession  may 
be  showing  signs 
of  ending  in  the 
U.S.,  but  the  eco¬ 
nomic  recovery  is¬ 
n’t  coming  fast  enough  for 
many  software  vendors.  Nearly 
a  dozen  firms  last  week  warned 
that  their  first-quarter  finan¬ 
cial  results  will  be  lower  than 
expected  due  to  continued  lim¬ 
its  on  IT  spending. 

Vendors  such  as  Pleasanton, 
Calif.-based  PeopleSoft  Inc.; 
Dallas-based  i2  Technologies 
Inc.;  Redwood  City,  Calif.- 
based  BroadVision  Inc.;  and 
Commerce  One  Inc.,  also  in 
Pleasanton,  all  said  they  had 
sales  shortfalls  during  the  quar¬ 
ter  ended  March  31.  Many  cor¬ 
porate  users  remain  cautious 
about  investing  in  new  soft¬ 
ware,  the  vendors  said. 

For  example,  Commerce  One 
disclosed  that  it  sold  only 
about  $8  million  worth  of  its 
business-to-business  applica¬ 
tions  in  the  quarter.  San  Mateo, 
Calif.-based  E.piphany  Inc.  said 
a  user  that  late  last  year  signed 
the  largest  contract  in  the  cus¬ 
tomer  relationship  manage¬ 
ment  (CRM)  software  vendor’s 
history  notified  it  during  the 
first  quarter  that  the  project 
was  being  rethought. 

Albert  Pang,  an  an¬ 
alyst  at  IDC,  a  Fram¬ 
ingham,  Mass.-based 
research  firm,  said 
new  applications  —  even  those 
that  offer  potential  business 
paybacks  to  users  —  have  be¬ 
come  a  much  harder  sell  be¬ 
cause  of  the  tight  IT  budgets  at 
many  companies. 

“We’ve  seen  a  fundamental 
shift  among  the  customers,” 
Pang  said.  “They  want  to  see 
quicker  benefits  and  faster  im¬ 
plementations  and  lower  cost 
of  ownership.” 

According  to  a  survey  of 


approximately  900  companies 
worldwide  that  was  released 
last  month  by  Forrester  Re¬ 
search  Inc.  in  Cambridge, 
Mass.,  a  majority  of  the  re¬ 
spondents  said  they  have  no 
interest  in  buying  either  CRM 
or  supply  chain  management 
software  this  year  (see  chart). 

Hard  Times  to  Continue 

“We  think  the  economy  is  a 
major  factor  here,”  said  For¬ 
rester  analyst  Laurie  Orlov. 
Many  companies  are  restrict¬ 
ing  their  IT  spending  and  fo¬ 
cusing  on  infrastructure  tech¬ 
nologies  such  as  networking 


Revenue  drop  forces 
layoffs,  site  closings 

BY  TODD  R.  WEISS 

Stung  by  a  continuing  drop-off 
in  revenue,  mainframe  soft¬ 
ware  and  services  vendor 
Compuware  Corp.  last  week 
announced  that  it’s 
laying  off  an  undis¬ 
closed  number  of 
workers  and  closing 
some  of  its  IT  ser¬ 
vices  offices  as  part  of  a  plan  to 
shed  unprofitable  operations. 

Like  many  other  vendors 
(see  story  above),  Compuware 
warned  that  business  in  the 
quarter  ended  March  31  was 
below  expectations.  The  Farm¬ 
ington  Hills,  Mich.-based  com¬ 
pany  said  it  expects  to  report 
fourth-quarter  revenue  of  ap¬ 
proximately  $400  million,  more 
than  20%  below  the  year-earli¬ 
er  level  of  $514.5  million. 


equipment  and  information  se¬ 
curity  tools,  she  said.  As  a  re¬ 
sult,  Orlov  added,  Forrester  ex¬ 
pects  hard  times  to  continue 
for  application  vendors  at  least 
through  the  end  of  this  year. 

“I  think  everybody’s  getting 
killed  out  there,”  said  John 
Chen,  chairman,  CEO  and  pres¬ 
ident  of  Dublin,  Calif.-based 
Sybase  Inc.  “It’s  a  really  tough 
environment.” 

Sybase,  a  vendor  of  databas¬ 
es,  mobile  software  and  inte¬ 
gration  tools,  said  it  expects  to 
meet  the  pro  forma  earnings 
projection  it  made  during  the 
first  quarter.  But  the  company 
met  those  earnings  because  of 
cost-cutting,  not  strong  sales, 
Chen  said. 

First-quarter  revenue  will 
likely  total  about  $210  million, 


Software  license  sales  and 
professional  services  revenue 
both  fell  sharply  on  a  year-to- 
year  basis.  But  Compuware 
said  the  layoffs  and  office  clos¬ 
ings  will  primarily  affect  IT 
services  workers  and  employ¬ 
ees  who  support  those  workers. 

Compuware  has  about  12,000 
workers  and  110  offices  world¬ 
wide.  The  company  said  it 


Damage  Control 

Key  details  about  Compu- 
ware’s  planned  cutbacks: 

WHY  IT’S  HAPPENING:  Compu¬ 
ware  said  that  some  of  its  IT  services 
operations  haven’t  been  profitable, 
and  the  situation  isn’t  expected  to 
change  in  the  near  future. 

HOW  IT  WILL  AFFECT  USERS: 

That’s  unclear.  Compuware  wouldn’t 
say  how  many  workers  will  be  laid  off 
or  disclose  the  offices  that  will  be 
downsized  or  closed. 


Sybase  said.  That  would  be  8% 
less  than  the  consensus  esti¬ 
mate  of  $228  million  from  Wall 
Street  analysts  who  were  sur¬ 
veyed  by  Boston-based  First 
Call/Thomson  Financial.  ► 


won’t  divulge  the  number  of 
employees  it  will  lay  off  or 
identify  the  offices  due  to  be 
scaled  back  or  closed  until  the 
affected  workers  have  been  no¬ 
tified.  The  cutbacks  are  ex¬ 
pected  to  be  completed  within 
about  two  weeks  in  North 
America  but  will  take  longer  in 
Europe  because  of  the  labor 
laws  there. 

Peter  Karmanos  Jr.,  Com- 
puware’s  chairman  and  CEO, 
said  in  a  statement  that  the 
company  will  honor  all  IT  ser¬ 
vices  contracts  to  which  em¬ 
ployees  have  been  assigned. 
Workers  in  offices  that  are  be¬ 
ing  closed  will  be  given  incen¬ 
tives  to  stay  until  they  finish 
projects  for  users,  he  said. 

David  Floyer,  an  analyst  at 
ITCentrix  Inc.  in  Mountain 
View,  Calif.,  said  many  users 
don’t  need  as  much  main¬ 
frame-related  services  help  as 
they  used  to.  He  added  that 
Compuware  previously  grew 
its  revenue  by  snapping  up 
smaller  software  vendors,  a 
strategy  that  doesn’t  work  now. 

“The  way  they  grew  in  the 
past  was  through  acquisitions, 
and  there’s  nothing  to  acquire 
anymore,”  Floyer  said.  I 
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Compuware  Moves  to  Cut 
Back  Services  Operations 


Word  on  the  Street: 

Migrate  to  Linux. 

On  Wall  Street,  technology  performance  means  money. That's  why  Red  Hat®  Linux® 
and  Compaq  ProLiant ™  servers  quietly  power  many  of  the  world's  top  financial  firms. 

No  wonder.  Linux  is  open  source.  You  can  see  the  code.  You  stay  in  control. 

And  you  won't  get  trapped  again  by  proprietary  technology. 

Red  Hat  Linux  Advanced  Server  is  the  enterprise  platform  for  UNIX  to  Linux 
migration.  Scalable  performance.  Stabilized  releases.  Support  from  top  software 
vendors  you  already  use. 

Red  Hat  and  Compaq  —  enterprise-ready,  no  matter  what  street  you're  on. 

Go  to  www.redhat.com/explore/thestreet 
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redhat. 
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Web  Adolescence 


AS  ANY  PARENT  who  has  survived  it 
will  tell  you,  adolescence  is  a  balanc¬ 
ing  act  between  tantalizing  potential 
and  nerve-racking  risk.  So  it’s  a  mixed 
blessing  that  the  Web  is  now  arriving 
at  its  own  riveting  version  of  this  stage. 


On  the  potential  side, 
there  persists  a  profound 
belief  that  the  Web  holds 
the  power  to  change  the 
future  of  business.  On  the 
risk  side,  however,  there 
will  inevitably  be  awk¬ 
ward  growth  spurts  and 
spectacular  screw-ups.  So 
what  are  some  of  the 
lessons  corporate  IT  and 
business  can  learn  as  the 
immature  Web  finds  its 
way  to  adulthood?  Here 
are  three  to  consider: 

Lesson  No.  1:  Practice  discretion.  (Re¬ 
vealing  too  much  means  regretting  it  later.) 

Our  cover  story  last  week,  “Guard¬ 
ing  the  Online  Gates,”  begins  with  a 
compelling  anecdote  about  the  chief 
of  security  from  now-bankrupt  Exo¬ 
dus  Communications  arriving  at  a 
meeting  with  700  pages  of  competi¬ 
tive  intelligence  on  Cable  &  Wire¬ 
less,  which  was  acquiring  Exodus 
assets.  Surprise! 

Unbeknownst  to  many  organiza¬ 
tions,  their  own  Web  sites  have 
evolved  into  gold  mines  for  competi¬ 
tors.  Companies  are  posting  every¬ 
thing  from  floor  plans  and  manufac¬ 
turing  processes  to  details  about  net¬ 
work  infrastructure  and  employee 
travel  schedules.  Even  if  online  dis¬ 
cretion  isn’t  a  problem  for  your  firm, 
it  may  be  for  one  of  your  partners  or 
suppliers. 

Experts  advise  that  before  compa¬ 
ny  content  goes  up  online,  a  review 
team  from  the  legal,  human  re¬ 
sources,  marketing,  IT  and  business 
units  should  approve  it.  (Well,  that 
l  ould  ensure  you’ll  never  post  any¬ 
thing  again.) 

1  sson  No.  2:  Readjust  to  bottom-line 
kilties.  (There  really  is  no  free  lunch.) 

fh  .'re  was  a  flurry  of  stories  last 
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week  about  the  impend¬ 
ing  demise  of  free  e-mail 
services,  as  both  Yahoo 
and  Microsoft  launched 
premium  paid  services 
for  e-mail  forwarding  or 
additional  storage  space 
that  would  cost  avid 
users  $20  to  $30  a  year. 
Portal  player  Terra  Lycos 
is  also  toying  with  paid 
e-mail  services. 

Of  course,  as  any  pub¬ 
lisher  knows,  e-mail  was 
never  free  in  the  first  place.  It  was 
advertiser-supported  in  the  hope 
that  millions  of  eyeballs  would  mean 
millions  of  transactions.  Wrong.  Ad¬ 
vertisers  are  now  curled  up  in  fetal 
positions,  waiting  for  the  economy 
to  improve.  Analysts  say  it  will  take 
years  for  fee-based  e-mail  to  catch 
on  because  of  consumer  resistance 
to  paying  for  a  “free  service.”  Wrong 
again.  People  will  pay  for  what  they 
value  —  although  it  certainly  won’t 


be  six  different  e-mail  addresses. 

Lesson  No.  3:  Avoid  magical  thinking. 
(Bad  things  don’t  disappear  when  you  ig¬ 
nore  them.) 

Many  businesses  seem  determined 
to  overlook  unpleasant  realities,  such 
as  the  burgeoning  threat  of  viruses, 
worms  and  Trojan  horses.  As  we  re¬ 
ported  in  our  Future  Watch  feature 
last  week  (“Malware’s  Destructive 
Appetite  Grows”),  the  problem  is  es¬ 
calating.  In  1998,  there  were  262 
known  vulnerabilities  in  all  operat¬ 
ing  systems  and  40,000  known  virus¬ 
es.  Today,  there  are  10  times  the  op¬ 
erating  system  vulnerabilities  and 
59,000  viruses,  according  to  the 
CERT  Coordination  Center  and 
TruSecure  Corp.  They’re  multiplying 
faster,  propagating  more  efficiently 
and  attacking  networks  much  more 
effectively. 

The  next  frontier  for  rogue  soft¬ 
ware  will  get  even  more  personal:  in¬ 
vading  our  cell  phones  and  PDAs. 
Security  experts  are  predicting  a  ma¬ 
jor  outage  of  at  least  one  nationwide 
service  within  the  next  five  years, 
and  it  probably  won’t  take  that  long. 

One  comforting  thought  is  that 
adolescence  mercifully  passes.  The 
Web  will  mature,  and  we  will  look 
back  on  these  difficult  years  and  say, 
“That  wasn’t  so  bad,  was  it?”  I 


PIMM  FOX 

No  Wires, 

No  Security, 
No  Solution 

SPRING  IS  IN  THE  AIR,  and 
so  is  your  vital  network 
data.  The  explosion  of 
wireless  networks  —  at  home 

and  in  the  office  —  using 
802.11  standards  has  been  a  boon  to 
laptop  makers  and  users  who  dislike 
being  tethered  to  LANs. 

A  trip  to  an  airport,  conference 
room  or  cafeteria  confirms  that  wire¬ 
less  LANs  are  a  common  feature  of  the 
IT  landscape.  The  trouble  is,  hackers 
are  making  the  same  trip.  Dubbed  “war 
drives,”  they 
travel  in  cars 
armed  with  a 
laptop,  antenna, 
free  download¬ 
able  software 
and  a  little  bit  of 
knowledge,  aim¬ 
ing  to  discover 
wireless  access 
points. 

Chris  O’Fer¬ 
rell,  CTO  at 
Herndon,  Va.- 
based  Netsec, 
recently  took  a  drive  around  Capitol 
Hill  in  Washington  and  located  more 
than  100  access  points,  including  many 
from  the  government.  Luckily  for 
those  IT  administrators,  O’Ferrell  is  a 
security  expert  whose  company  this 
summer  is  coming  out  with  a  device  to 
detect  wireless  network  intrusions. 

But  one  device  isn’t  the  complete  an¬ 
swer  to  the  Herculean  task  of  securing 
wireless  access  points.  You  need  strict 
policies  for  wireless  security. 

No  more  wireless  couch-potato  net¬ 
works  with  the  company’s  laptop.  A 
sweep  of  a  bedroom  community  in  the 
evening  reveals  how  easy  it  is  to  get 
the  Service  Set  Identification  (SSID), 
which,  when  inserted  into  the  wireless 
network  card  configuration,  permits 
network  log-ins.  Better  to  turn  off 
SSID  broadcasting. 

Most  Dynamic  Host  Configuration 
Protocol  (DHCP)  servers  automatical¬ 
ly  assign  IP  addresses  for  a  network  — 
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so  consider  disabling  DHCP  and  go 
with  static  IP  addresses.  At  the  very 
least,  according  to  O’Ferrell,  you  can 
then  prove  malicious  intent,  because  a 
hacker  would  have  had  to  manually 
configure  an  IP  address  to  enter  the 
network.  Static  IP  addresses  are  a  pain, 
but  they’re  more  secure. 

Do  regular  intrusion  sweeps  of  your 
wireless  network  to  see  if  you  can  hack 
your  own  network.  And  do  them  at 
lunch,  when  the  executive  conference 
rooms  are  used  or  when  workers  are 
outside  with  their  machines.  The  sig¬ 
nal  strength  of  wireless  networks  varies 
from  300  to  2,000  ft.,  so  don’t  assume 
someone  in  the  parking  lot  is  too  far 
away  to  slip  inside  your  network. 

Enable  Wired  Equivalent  Privacy, 
but  recognize  that  it  isn’t  activated  by 
default  —  you  have  to  configure  the 
client  and  the  access  point  to  make  it 
operational. 

Use  Media  Access  Control-layer  fil¬ 
tering,  but  don’t  rely  on  it,  because 
MAC  addresses  are  in  the  open  when 
transmitted  and  can  be  spoofed. 

Don’t  put  the  access  point  on  an 
internal  network,  and  make  sure  your 
virtual  private  network  gateway  is 
inside  the  firewall. 

Finally,  design  a  security  plan  before 
implementing  a  wireless  network;  oth¬ 
erwise,  this  spring  could  easily  turn 
into  a  winter  of  discontent.  > 

DAVID  MOSCHELLA 

IT  Industry 
Takes  It  On 
The  Chin 

THESE  DAYS,  I’m  almost 
afraid  to  open  the  news¬ 
paper.  Has  there  ever 
been  a  more  embarrassing 
time  to  be  in  the  IT  business? 

It’s  bad  enough  that  budgets  are  tight 
and  technology  stocks  are  in  the 
dumps,  but  consider  what’s  happening 
with  some  of  the  biggest  —  and  theo¬ 
retically  most  respected  —  companies 
in  the  industry. 

1.  Even  now  that  the  HP/Compaq 
vote  has  been  taken,  the  story  just  won’t 
go  away.  The  counts  and  recounts  may 
take  longer  than  the  presidential  elec¬ 
tion  in  Florida,  and  now  Walter  Hewlett 
is  taking  the  whole  thing  to  court,  es¬ 
sentially  accusing  HP  of  buying  votes. 
Has  there  ever  been  such  sustained  and 
personal  mudslinging  within  such  a 


once-admired  company?  And 
it’s  hard  to  avoid  wondering 
if  the  antimerger  forces 
would  have  been  quite  so 
fierce  were  the  CEO  of  an¬ 
other  gender.  Then  again,  I 
also  think  the  merger  is  a  ter¬ 
rible  idea. 

2.  Can  you  think  of  a  more 
absurd  suit  than  America 
Online  using  its  Netscape 
division  to  sue  Microsoft? 

AOL  decided  to  buy 
Netscape  in  November  1998, 
and  since  then  has  done  ab¬ 
solutely  nothing  to  promote  the  Navi¬ 
gator  browser. 

If  AOL  had  simply  converted  its  own 
base  from  Explorer  to  Navigator, 
browser  competition  today  would  be 
alive  and  well.  A  trial  would  almost  be 
worth  it,  just  so  AOL  would  have  to 
explain  this  in  public. 

3.  Sun’s  suit  against  Microsoft  isn’t  a 
whole  lot  better.  Even  a  clever  talker 
like  Scott  McNealy  can’t  find  it  easy  to 
explain  how:  a)  Java  is  the  clear  global 
standard  and  will  soon  be  in  your  toast¬ 


er,  and  b)  Microsoft  should 
pay  Sun  for  the  irrevocable 
harm  it  has  inflicted  upon 
Java.  If  anything,  Micro¬ 
soft’s  dominant  position 
and  high-handed  tactics  are 
among  the  main  reasons 
the  rest  of  the  industry 
accepted  Java  in  the  first 
place. 

Oh  well,  at  least  Scott 
is  entertaining,  with  seem¬ 
ingly  a  good  line  for  every 
occasion. 

4.  Of  course,  Microsoft  is 
hardly  a  figure  of  sympathy.  The  com¬ 
pany  remains  unrepentant  and  seems 
as  determined  as  ever  to  wield  its  pow¬ 
er.  In  recent  days,  Red  Hat,  Palm,  Gate¬ 
way,  Novell  and  others  have  all  come 
forward  and  complained  that  Micro¬ 
soft  continues  to  abuse  its  monopoly 
position. 

And  although  these  companies 
clearly  have  their  own  axes  to  grind, 
it’s  telling  that  Microsoft  can’t  put  for¬ 
ward  anyone  to  say  that  its  practices 
have  changed  in  keeping  with  the  spir¬ 


it  of  the  proposed  Justice  Department 
settlement. 

5.  Things  only  get  worse  in  the  dot¬ 
com  and  telecommunications  worlds. 
Fortunately,  most  people  incorrectly 
see  Enron  as  a  Texas  energy  company, 
not  the  once-signature  business-to- 
business  exchange.  But  is  there  any 
doubt  that  the  alleged  Global  Cross¬ 
ing/Qwest  “I’ll  pay  you;  you  pay  me” 
revenue  shell  game  was  rampant 
through  many  parts  of  the  dot-com 
industry?  You  know  there  will  be  more 
of  this  to  come. 

6.  Then  there  are  the  daily  thorns  of 
executive  privilege  and  greed.  World¬ 
Com  gives  Bernie  Ebbers  a  nice  little 
$340  million  loan;  failed  executives 
walk  away  with  millions,  while  their 
employees  get  shown  the  door;  the  big 
bonuses  keep  flowing,  even  as  compa¬ 
nies  don’t  perform. 

Perhaps  most  scarily,  stock  options, 
the  golden  goose  of  the  IT  industry,  are 
now  under  sustained  attack,  to  who 
knows  what  end. 

Let  me  know  if  you  hear  any  good 
news.  I’m  sure  we  could  all  use  it.  ► 
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Blame  the  Customer 

I  FOUND  THE  thoughts  of 
CA  President  and  CEO 
Sanjay  Kumar  enlighten¬ 
ing  [“CA  Confronts  User 
Anger,  Reveals  Web  Portal 
Plan,”  Page  One,  March  4].  I 
learned  that  the  cause  of 
combative  customer  rela¬ 
tionships  is  acquisitions  and 
subsequent  restructuring.  I 
was  relieved  to  find  that  it’s 
still  the  customer’s  fault  and 
not  a  problem  with  CA’s 
corporate  culture,  policies, 
attitudes  and  procedures. 
Bob  Randolph 
President 

Alpha  Professional  Services  Inc. 
Philpot,  Ky. 


Behind  Spaghetti  Code 

I  enjoyed  the  article 
“Mainframe  Skills,  Pay  at 
a  Premium”  [Page  One, 
March  4],  However,  it’s  al¬ 
most  impossible  to  get  a 
true  Cobol  mainframer  a  job 
because  companies  are  try¬ 
ing  to  cut  corners  and  hire 
only  those  who  can  also 
write  in  other  languages. 

But  these  programmers  love 


to  use  negative  “if”  state¬ 
ments,  causing  abends  and 
giving  us  spaghetti  code  like 
we  had  in  the  1970s  when 
assembler  programmers 
learned  Cobol.  I  have  tried 
to  learn  C,  Unix  and  Visual 
Basic,  but  my  expertise  al¬ 
ways  puts  me  on  a  Cobol 
job,  so  I  lack  experience  in 
them. 

William  M.  Vasquez 

Senior  programmer/analyst 
Joliet,  III. 

bvasq@allstate.com 


A  QA  Lesson  From  Enron 

NE  MAJOR  lesson 
emerging  from  the 
Enron  debacle  is  the 
need  to  avoid  having  the 
same  firm  carry  out  consult¬ 
ing  and  auditing  activities 
[“Enron  Lesson:  Tech  Is  for 
Support,”  Page  One,  Feb.  18], 
A  closely  related  point  for 
the  IT  community  is  to 
avoid  having  your  software 
vendor  (and  its  implementa¬ 
tion  partner)  carry  out  the 
primary  quality  assurance 
reviews  of  IT  implementa¬ 
tion  projects.  Is  it  realistic 
to  expect  a  QA  reviewer 


provided  by  the  software 
vendor  to  fault  the  vendor 
on  inadequate  configuration 
management  or  poorly  exe¬ 
cuted  software  testing?  Will 
a  reviewer  from  a  vendor’s 
implementation  partner  risk 
a  $15  million  consulting  con¬ 
tract  by  pointing  out  in  a 
$40,000  QA  report  that  the 
project  is  behind  schedule 
or  that  scope  creep  is  threat¬ 
ening  to  drive  up  the  project 
cost? 

M.  Glenn  Newkirk 

President,  InfoSentry  Services  Inc. 
Raleigh,  N.C. 

glenn_newkirk@infosentry.com 


Suspect  Privacy  Policies 

N  the  march  4  article 
“Corporate  Privacy  Cred¬ 
ibility  Crumbles”  [News], 
you  say  Procter  &  Gamble  is 
trying  to  reinforce  consumer 
confidence  “by  implement¬ 
ing  a  plain-language  privacy 
policy  [and]  privacy  seal 
certification.”  So  what?  Have 
people  forgotten  that  eToys 
had  a  plain-language  privacy 
policy  that  was  certified  by 
Truste?  As  soon  as  eToys  hit 
a  rough  spot,  it  started 


hawking  its  customer  lists 
and  customers’  personal 
information  to  prospective 
buyers.  Only  a  public  outcry 
stopped  it  from  doing  this. 

A  privacy  seal  may  certify 
what  a  company’s  privacy 
policy  is  now,  but  these  poli¬ 
cies  are  subject  to  change. 
Once  your  information  is  in 
their  hands,  if  they  change 
their  minds  about  sharing  it, 
there’s  not  much  you  can  do 
about  it.  This  means  that 
privacy  policies  and  certifi¬ 
cation  seals  are  worthless. 
Daniel  P.B.  Smith 
Norwood,  Mass. 
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Good  Business  Strategy: 
Secure  Your  Information. 


Internet  access  has  changed  the  way  your  business  has  to  protea  itself. 

Gateway  has  the  technology  solutions  to  help  keep  your  information  secure.  We 
offer  security  audits,1  physical  access  solutions  and  network  protection  options. 

A  Gateway  Network  Solution  Provider  can  come  on-site  to  assess  your 
security  needs,  provide  you  with  a  detailed  report  and  make  recommendations.  Along  with  anti¬ 
virus  software,  tape  backup  produas  and  surge  proteaors  to  safeguard  your  data.  Gateway  offers 
a  full  range  of  robust  business  desktops,  versatile  notebooks  and  reliable  servers.  All  are  powered 
by  Intel®  processors,  including  the  latest  Intel  Pentium  4  processor. 

For  a  limited  time  only,  purchase  any  Gateway  910, 930  or  935  Series  server  and  you’ll  receive 
a  business  Security  Audit  at  no  additional  charge:  That’s  added  protection  and  a  reliable  server 
for  the  price  of  a  PC. 

You  have  a  lot  invested  in  your  business,  thankfully  there’s  something  you  can  do  to  protea 
that  investment.  And  Gateway  makes  it  affordable.  Call  us  today. 

Gateway®  PCs  use  genuine  Windows®  Operating  Systems 
http://www.  microsoft.com/piracy/howtotell 


Come  into  your 
local  Gateway®  store. 


gateway.com 


Gateway®  Security  Audit' 

Don’t  let  your  business  investment  go  unprotected.  The 
findings  from  the  Gateway  Security  Audit  will  be  the  first 
step  to  uncovering  potential  problems  of  your  company’s 
security,  and  can  aid  in  protecting  your  entire  technology 
environment.  Services  include: 

•  Identification  of  Current  Security  Problems 
and  Potential  Issues 

•  Detailed  Custom  Report  Specific  to  Your 
Technology  Environment 

•  Prioritized  List  of  Recommendations 

•  General  Security  Advice 

ftv*.  rn  with  the  purchase  of  any  Gateway  Server. 
rRfcb  Offer  ends  June  30,  2002. 


Gateway  9 IOC  Server 

Value-priced  Business  Server 

•  Intel®  Celeron®  Processor  1.20GHz 
with  25 6K  Full  Speed  L2  Cache 

•  128MB  PC133  ECC  SDRAM  (Expandable  to  2GB) 

•  20GB  ATA100  5,400RPM  IDE  Hard  Drive 

•  64-Bit  PCI  I/O  Technology 

•  3.5"  Diskette  and  48X  IDE  CD-ROM  Drives 

•  Integrated  Graphics  with  4MB  SDRAM 

•  Integrated  Dual  Channel  ATA100  IDE  Interface 

•  Integrated  Intel®  PCI  10/100  Twisted  Pair  Ethernet 

•  HP®  OpenView"  ManageX  Event  Manager 

•  1  -Year  On-Site  Limited 

Starting  at  $499' 

$25  per  mo.  for 
24  inos.  business  lease " 


Gateway  500L  Business  Desktop 

Mainstream  Office  System 

•  Intel®  Pentium®  4  Processor  1.60GHz 

•  128MB  DDR  SDRAM 

•  15"  Color  Monitor  (13.8"  Viewable) 

•  32MB  NVIDIA"  GeForce2  MX"200  AGP  Graphics 

•  20GB  Ultra  ATA  Hard  Drive 

•  48X  CD-ROM  Drive 

•  Integrated  10/100  Ethernet 

•  Microsoft  Works  Suite  2002’  Software 

•  Microsoft®  Windows®XP  Professional 

•  1-Year  On-Site  Limited  Warranty4 


$799' 


$40  per  mo.  for 
24  mos.  business  lease 6 
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4.  Limited  warranties  and  service  agreements  apply;  visit 
qateway.com  or  call  1-800846-2000  for  a  free  copy. 
Technician  will  be  dispatched,  if  deemed  necessary  by 
Gateway,  following  otner  troubleshooting  methods.  On¬ 
site  service  not  available  in  all  locations;  you  may  be 
required  to  take  or  send  your  product  to  an  authorized  serv¬ 
ice  location  On-site  service  excludes  mice,  keyboards, 
docking  stations,  external  peripherals  and  monitors. 
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SECURITY  SENTINELS 

A  handful  of 
women,  includ¬ 
ing  Georgetown 
University  pro¬ 
fessor  Dorothy 
Denning  (left), 
have  overcome 
personal  and 
professional 
obstacles  to  help  set  IT  security 
policies  used  by  the  public  and 
private  sectors.  PAGE  34 


CERTIFICATION  STYMIE 

Microsoft’s  changing  requirements 
are  leading  some  IT  workers  to 
question  the  value  of  their  Win¬ 
dows  NT  4.0  certificates  and  re¬ 
consider  their  options.  PAGE  36 


PORTAL  PICKLE 

Although  an  increasing  number  of 
companies  are  tapping  enterprise 
portals  to  improve  information 
sharing  with  employees,  customers 
and  business  partners,  only  a  hand¬ 
ful  of  organizations  are  tracking 
the  returns  that  these  gateways  can 
provide.  PAGE  38 


GUIDING  GREENHORNS 

There  are  simple  steps  that  experi¬ 
enced  supervisors  can  take  to  pre¬ 
vent  rookie  managers  from  stum¬ 
bling  out  of  the  gates,  says  manage¬ 
ment  consultant  Carol  A.  Walker, 
who  wrote  an  article  about  the  sub¬ 
ject  in  this  month’s  Harvard  Busi¬ 
ness  Review.  PAGE  40 


CAREER  ADVISER 

Fran  Quittel  counsels  an  unem¬ 
ployed  network  support  technician 
and  a  Unix  programmer  who  hopes 
to  break  into  bioinformatics.  PAGE  42 


BART  PERKINS 

After  the  Purchase 

IF  YOU  WANT  your  IT  organization  to  be  successful,  you  must  be 
effective  at  managing  your  suppliers.  Research  conducted  by  my 
firm  indicates  that  a  typical  Fortune  500  company  spends  more 
than  60%  of  its  IT  budget  on  external  suppliers  such  as  vendors 
and  consultants. 


An  IT  executive  at  an  airline  recently  said  60%  was 
far  too  high.  He  estimated  that  no  more  than  35%  to 
40%  of  his  budget  went  outside  the  company.  But  he 
later  realized  that  he  hadn’t  included  the  costs  of  his 
company’s  airline  reservation  system,  frequent  flyer 
program  and  yield  management  system,  all  of  which 
were  joint  ventures.  His  revised  estimate:  80%  to  85% 
of  all  IT  spending  goes  to  external  suppliers. 

Don’t  find  that  alarming.  Current  trends  indicate 
that  even  more  IT  dollars  will  be  directed  to  external 
spending  in  the  future: 

■  Outsourcing  of  IT  infrastructure  is  increasing. 
Few  IT  departments  have  the  capacity  to  develop 
and  manage  complex  infrastructures,  including  serv¬ 
er  centers,  networks  and  desktops.  An  outsourcer 
that  specializes  in  providing  infrastructure  can  usual¬ 
ly  offer  better  levels  of  service  for  less  money. 

■  Off-the-shelf  packages  continue  to  replace  cus¬ 
tom  applications.  The  quality  of  available  packages 
has  increased  so  dramatically  that  it’s  rarely  cost- 
effective  to  develop  homegrown  applications  unless 
they  truly  provide  a  competitive  advantage. 

■  CIOs  look  favorably  on  hiring  vendors  to  handle 
thankless  jobs.  Infrastructure  management,  for  exam¬ 
ple,  is  what  I  call  a  tie-lose  job;  few  CEOs  stop  by  to 
say,  “Great  job  keeping  the  servers  up.” 

■  Corporations  realize  that  their  com¬ 
petitive  advantages  stem  from  their  core 
competencies,  so  business  process  out¬ 
sourcing  of  noncore  competencies  is  be¬ 
coming  more  prevalent.  Accounts  payable, 
for  example,  rarely  provides  competitive 
advantage,  so  it’s  often  prudent  to  out¬ 
source  all  of  it. 

IT  can  also  make  its  external  spending 
more  effective  by  addressing  the  following 
key  supplier  management  issues: 

■  Create  target  cost  reductions.  Consolidate 
your  supplier  portfolio,  standardize  your 
buying  processes  and  improve  your  con¬ 
tract  negotiation  tactics  to  reduce  spending 
on  significant  portions  of  the  budget. 

■  Align  buying  decisions  with  your  IT  architec¬ 
ture.  Many  buying  decisions  today  are  dri¬ 


ven  by  individual  project  needs  without  considering 
implications  to  architecture.  In  the  case  of  one  of  my 
clients,  buying  against  the  architecture  would  have 
prevented  the  unnecessary  complexity  —  and  costs 
—  of  having  eight  database  management  systems,  six 
e-mail  systems  and  15  desktop  hardware  platforms. 

■  Develop  an  exit  strategy  for  every  critical  supplier.  When 
a  contract  comes  up  for  renewal,  have  a  plan  for 
changing  suppliers  and  minimizing  the  associated 
switching  costs.  A  company  without  a  Plan  B  is  often 
held  hostage  by  ruthless  suppliers  during  contract 
renegotiations.  In  difficult  economic  times,  it’s  also 
prudent  to  have  a  contingency  plan  for  disasters;  if 
your  supplier  goes  bankrupt,  you  must  be  able  to  re¬ 
cover  as  quickly  and  seamlessly  as  possible. 

■  Understand  the  total  cost  of  outsourcing.  If  you  out¬ 
source,  you  must  continuously  manage  the  supplier. 
That  promotes  understanding  and  allows  small  prob¬ 
lems  to  be  resolved  before  they  grow.  This  takes  time, 
money  and  a  staff  with  the  right  skills,  so  don’t  cut 
costs  there.  Invest  in  developing  project  and  program 
management  skills  among  your  staff. 

■  Invest  in  win-win  relationships  with  critical  suppliers. 
Win-win  is  the  only  way  to  sustain  a  buyer-seller 
relationship.  If  you  squeeze  your  suppliers  so  much 

that  they  can’t  make  a  profit  (or  worse,  go 
out  of  business)  you  have  created  a  lose- 
lose  situation.  Being  forced  to  replace  a 
supplier  unexpectedly  can  cause  more 
headaches  and  expenses  than  dealing  effec¬ 
tively  with  the  one  you  have. 

In  a  sluggish  economy,  it’s  important  for 
IT  to  show  fiscal  discipline  and  provide  a 
good  return  on  all  its  spending.  Effective 
supplier  management  is  one  of  the  best 
ways  to  leverage  your  spending  and  boost 
the  success  of  your  IT  organization.  > 

EDITOR’S  NOTE:  Perkins,  a  former  CIO  who  now 
helps  his  onetime  peers  manage  IT  vendors  and 
suppliers,  will  write  in  this  space  on  the  second 
week  of  every  month.  His  column  replaces  Joe 
Auer's  “Driving  the  Deal.'' 


Partners  Inc.  in 
Louisville,  Ky„  which 
helps  CIOs  manage  their 
IT  suppliers.  He’s  the  for-  j 
mer  CIO  at  Tricon  Global 
Restaurants  Inc.  and  at 
Dole  Food  Co.  Contact  \ 
him  at  BartPerkins® 
LeveragePartners.com. 


Introducing  Fujitsu  Consulting— a  partner  who  shares  your  vision 

In  times  like  these,  you  can’t  afford  to  work  with  a  consultant  who’s  single-minded. 
You  need  a  company  that  understands  the  true  meaning  of  collaboration.  At  Fujitsu 
Consulting,  we  share  your  vision  right  from  the  start,  and  we  never  lose  sight  of  your 
business  goals  throughout  the  process.  This  has  always  been  our  approach,  one  that 
further  benefits  from  the  expertise  and  resources  of  the  entire  Fujitsu  group,  which 
has  long  provided  world-class  IT  products  and  platforms  all  over  the  globe. 

Unique  ROI-focused  methodology 

As  a  forward-thinking  global  consulting  organization,  we  utilize  a  unique,  proven 
methodology  that  delivers  a  rapid  and  measurable  return  on  your  IT  investment. 
It  starts  by  focusing  on  the  results  the  client  expects  to  achieve.  It  then  provides 
a  road  map  through  the  design,  implementation  and  operation  of  the  solution  to 
achieve  the  desired  results. 

Industry  and  business-process  knowledge 

Fujitsu  Consulting  creates  tailored  solutions  for  a  variety  of  industries— in  particular, 
communications,  financial  services,  and  government.  Whether  it’s  core  back  office, 
front  office  or  extended  functions,  we  enable  companies  to  better  serve  their  customers 
and  collaborate  with  their  extended  supply  chain  of  employees,  vendors  and  partners. 

Fujitsu  Consulting— the  new  alternative 

In  creating  powerful  IT  solutions,  we  live  and  breathe  three  simple  ideas:  deep 
collaboration  with  our  clients,  an  eye-to-eye  approach,  and  a  passion  for  getting  the 
job  done.  It  is  the  unique  combination  of  global  scope  and  human  scale  that  sets  us 
distinctly  apart  from  our  competitors.  And,  perhaps,  earns  us  a  spot  on  your  short 
list  of  consulting  partners. 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 

us.fujitsu.com 
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The  speed  at  which  critical  national  func¬ 
tions  are  being  moved  online  increases  the 
risk  of  vulnerability  say  former  CIA  and 
NSA  security  experts  in  exclusive  inter¬ 
views  with  Computerworld.  By  Dan  Verton 


SECURITY 


hile  cyberterrorism 
may  not  be  an  imme¬ 
diate  threat,  it  would 
be  foolish  not  to  rec¬ 
ognize  that  the  U.S. 
is  facing  a  “thinking  enemy”  who  will 
adapt  to  attack  our  critical  infrastruc¬ 
tures  and  vulnerabilities,  says  Ruth 
David,  former  director  for  science  and 
technology  at  the  CIA. 

David  is  now  president  and  CEO  of 
Analytic  Services  Inc.,  an  independent, 
not-for-profit,  public  service  research 
institution  in  Arlington,  Va. 
She  and  Bill  Crowell,  CEO  of 
Santa  Clara,  Calif.-based  secu¬ 
rity  firm  Cylink  Corp.  and  a 
former  deputy  director  of  the  super¬ 
secret  National  Security  Agency,  each 
participated  in  rare  interviews  with 
Computerworld’ s  Dan  Verton.  They 
discussed  the  threats  posed  by  cyber¬ 
terrorist  attacks  and  the  steps  that  the 
public  and  private  sectors  should  take 
to  thwart  them. 


There’s  been  speculation,  even  before 
Sept.  11,  about  the  U.S.’s  vulnerability  to 
an  “electronic  Pearl  Harbor”  or  cyberter¬ 
rorist  attack.  How  has  this  changed  since 
Sept.  11,  and  how  vulnerable  are  the  various 
economic  sectors  to  cyberterrorist  attacks? 

David:  While  it  is  true  that  major  ter¬ 
rorist  attacks  to  date  have  targeted  hu¬ 
man  lives,  I  would  not  blindly  extrapo¬ 


late  that  behavior  into  the  future.  After 
all,  on  Sept.  10,  we  would  not  have  ex¬ 
pected  a  hijacker  to  turn  a  commercial 
airplane  full  of  passengers  into  a  guid¬ 
ed  missile,  and  even  on  Sept.  12,  we 
did  not  envision  exploding  shoes  as 
a  threat  to  aviation. 

In  the  aftermath  of  the  9/11  attacks, 
those  adversaries  almost  certainly  ob¬ 
served  the  immediate  effect  of  service 
interruptions  as  well  as  the  prolonged 
economic  impact  of  infrastructure  dis¬ 
ruptions.  While  the  weapon  used  was 
explosive  rather  than  cyber,  it  doesn’t 
take  much  imagination  to  see  that  sim¬ 
ilar  effects  could  be  achieved  through 
cyberterrorism. 

Crowell:  Clearly,  the  vulnerabilities  of 
the  nation  to  cyberattack  are  growing. 
Critical  national  functions  like  bank¬ 
ing,  financial  services,  health,  water 
and  communications  are  increasingly 
dependent  on  highly  automated  sys¬ 
tems  that  connect  the  many  nodes  of 
their  operations. 

These  changes  in  the  degree  to 
which  business  and  the  government 
are  dependent  on  public  networks 
have  been  occurring  for  about  a 
decade.  The  disturbing  thing  is  that  all 
of  the  trends  are  in  the  wrong  direc¬ 
tion.  Business  is  moving  more  and 
more  critical  functions  to  networks. 
The  speed  and  complexity  of  the  de¬ 
ployments  make  it  difficult  for  them  to 


employ  good  defenses  rapidly.  Diver¬ 
sity  is  decreasing  as  we  migrate  more 
to  common  operating  systems  and 
common  network  systems. 

To  what  extent  is  the  war  on  terrorism, 
particularly  the  battle  for  improved  home¬ 
land  security,  a  technology  problem?  What 
roles  do  you  see  the  government,  corporate 
America  and  the  IT  vendor/developer  com¬ 
munity  playing? 

David:  Technology  is  only  one  com¬ 
ponent.  Without  supporting  policy, 
effective  processes  and  well-trained 
people,  technologies  solve  nothing. 
Deployment  of  facial  recognition  tech¬ 
nologies  at  border  entry  points  will  not 
ensure  apprehension  of  terrorists. 

Corporate  America  will  play  an  in¬ 
creasingly  important  role  in  develop¬ 
ing  security  technologies  to  protect 
nongovernmental  personnel  and  prop¬ 
erty  that  may  be  targeted  by  terrorists 
attacking  what  we  are  as  a  nation  rather 
than  what  we  do  as  a  government. 

Crowell:  The  battle  for  improved 
homeland  security  involves  both  tech¬ 
nology  and  processes.  Technology  can 
be  used  to  make  the  processes  more 
efficient,  predictable  and  effective. 

The  Transportation  Security  Agen¬ 
cy,  [Federal  Aviation  Administration] 
and  Department  of  Transportation  are 
all  looking  for  ways  to  improve  [air¬ 
port  security].  However,  I  am  particu¬ 
larly  concerned  that  many  of  the  criti¬ 
cal  processes  are  now  using  technolo¬ 
gies  that  are  more  vulnerable,  not  less. 
An  example  is  the  use  of  wireless 
LANs  for  the  tracking  of  baggage. 
Without  proper  encryption  and  au¬ 
thentication,  the  baggage  handling  sys¬ 
tem  will  not  prevent  either  insider  or 
outside  attack. 

Some  have  said  that  the  government’s  push 
to  create  a  separate  and  secure  intranet 
(GovNet)  for  sensitive  government  opera- 
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BUSINESSES  ARE  MOVING  critical  functions  onto  networks  so  quickly  that  it’s  difficult 
for  them  to  deploy  good  defenses  in  a  timely  fashion,  says  Cylink  CEO  Bill  Crowell. 


tions  and  possibly  e-commerce 
is  tantamount  to  throwing  in 
the  towel  on  Internet  security. 

Are  there  viable  alternatives 
to  disconnecting  from  the 
Internet? 

David:  To  the  extent  that 
terrorists  attack  symbols 
of  America,  seek  to  shake 
the  confidence  of  the  public  in  our 
government’s  ability  to  protect  [citi¬ 
zens],  and/or  seek  to  inflict  economic 
damage,  GovNet  solves  nothing,  since 
many  valuable  cybertargets  would  be 
left  undefended.  In  fact,  a  separate  net¬ 
work  might  actually  impede  the  home¬ 
land  security  mission  since  it  could 
further  isolate  government  from  indus¬ 


“Clearly,  the  vulner¬ 
abilities  of  the  nation 
to  cyberattack  are 
growing.” 

-  Bill  Crowell.  CEO, 
Cylink  and  former 
deputy  director,  NSA 


try  and  the  American  pub¬ 
lic  at  a  time  when  commu¬ 
nication  and  collaboration 
are  desperately  needed. 

In  particular,  I  believe  the 
absence  of  a  coherent  gov¬ 
ernmentwide  security  poli¬ 
cy  has  significantly  limited 
our  ability  to  protect  sensi¬ 
tive  government  operations. 

Crowell:  I  think  that  the  GovNet  ini¬ 
tiative  has  been  misrepresented  in  the 
press.  Perhaps  this  is  because  the  gov¬ 
ernment  did  not  carefully  lay  out  the 
principles  in  the  beginning  of  the  dis¬ 
cussion.  [The  government  has]  advo¬ 
cated  that  the  core  mission  systems  be 
on  separate  private  networks  that  are 


highly  protected  from  denial-of-service 
attacks  and  from  hacking  and  cyber¬ 
attacks. 

The  Internet  would  be  used  for 
e-government  to  enjoy  the  enormous 
reach  it  provides  to  the  public.  These 
are  not  new  concepts.  In  banking  and 
financial  services,  these  policies  have 
long  been  the  basis  for  their  risk  man¬ 
agement  practices. 

Howard  Schmidt,  the  deputy  chairman 
of  the  President’s  Critical  Infrastructure 
Protection  Board,  said  recently  that  the 
next  national  plan  for  protecting  the  coun¬ 
try’s  critical  systems  and  networks  will 
be  written  with  the  help  of  the  private  sec¬ 
tor.  What  do  you  think  the  immediate  priori¬ 
ties  and  focus  should  be  for  such  a  public/ 
private  plan? 

David:  If  I  were  to  offer  a  top  priority, 
it  would  be  to  establish  trust  between 
government  and  industry  and  among 
the  key  industry  sectors.  This  means 
first  and  foremost  to  create  a  safe  envi¬ 
ronment  for  the  sharing  and  analysis  of 
information  regarding  cyberattacks 
and  discovered  vulnerabilities. 

My  next  priority  would  be  to  bolster 
our  intrusion-detection  capabilities.  I 
worry  less  about  the  overt  attacks  that 
disrupt  service  than  the  subtle  attacks 
designed  to  steal  or  corrupt  data  —  at¬ 
tacks  that  may  go  undetected  until  dis¬ 
aster  occurs. 

Crowell:  I  think  that  there  are  two 
elements  that  should  be  part  of  the 
plan.  The  first  is  that  the  government 
should  be  a  leader  in  network  security 
and  move  quickly  to  employ  the  best 
practices  for  both  GovNet  and  e-gov¬ 
ernment.  The  second  is  that  the  [Se¬ 
curities  and  Exchange  Commission] 
should  establish  the  same  risk  disclo¬ 
sure  rules  for  network  security  that  it 
used  to  focus  attention  on  Y2k  and  on 
disaster  recovery. 

Without  such  a  mechanism,  there  is 
a  strong  likelihood  that  the  vulnerabili¬ 
ties  and  risks  in  network-based  busi¬ 
ness  won’t  get  the  attention  that  [they 
need]  until  there  is  a  disastrous  event. 

I  think  that  the  disaster  recovery  sys¬ 
tems  of  the  financial  businesses  in  the 
World  Trade  Center  saved  many  of 
them  from  total  collapse.  I 


Terrorism 
101  With 
Eric  Shaw 


Eric  Shaw,  a  former  CIA  profiler  and 
clinical  psychologist  who  now  con¬ 
sults  for  Stroz  &  Associates  LLC,  a 
cybersecurity  firm  in  New  York,  takes 
Computerworid's  Dan  Verton  inside 
the  minds  of  terrorists. 

There’s  been  a  lot  of  speculation, 
even  before  Sept.  11,  about  the  na¬ 
tion’s  vulnerability  to  an  “electronic 
Pearl  Harbor,”  or  cyberterrorist  at¬ 
tacks.  But  there  has  been  little  evi¬ 
dence  that  terrorists  value  cyber¬ 
attacks.  What  has  changed  since 
Sept.  11? 

Shaw:  There's  still  little  evidence  that 
traditional  terrorist  groups  place  a  high 
priority  on  cyberattacks  vs.  using  infor¬ 
mation  technology  for  communication, 
command  and  control,  and  propaganda. 
Guns,  bombs  and  vehicles  [such  as] 
trucks,  planes  and  boats  for  delivery  ap¬ 
pear  to  be  quite  adequate  for  their 
needs,  as  the  Sept.  11  attacks  showed. 

I  am  worried  that  a  new  operational 
standard  has  been  set  up  for  imitation. 

I  think  we  are  going  to  see  more  attacks 
on  relatively  unprotected  civilian  sites 
and  on  individuals.  The  same  trend  may 
occur  in  this  country  as  terrorists  turn 
away  from  heavily  fortified  government 
facilities  to  less  protected  corporate 
sites. 

Are  there  any  exceptions  to  the 
lack  of  terrorist  interest  in  cyber¬ 
attacks? 

Shaw:  Yes.  First,  there  are  several  types 
of  nontraditional,  politically  motivated 
groups  that  cannot  at  present  be  consid¬ 
ered  terrorists  that  have  utilized  low-level 
cyberassaults,  especially  denial-of- 
service  attacks.  These  groups  often  are 
referred  to  as  members  of  antiglob¬ 
alization,  hacker,  anarchist  and  other 
coalitions,  often  associated  with  our  po¬ 
litical  left.  They  have  actively  organized 
and  recruited  individuals  and  groups  for 
cyberattacks  against  their  identified  ad¬ 
versaries. 

Second.  I  am  concerned  about  online 
or  face-to-face  recruitment  of  disgrun¬ 
tled  IT  specialists.  For  example,  there 
were  rumors  earlier  this  year  that  an  al- 
Qaeda  affiliate  had  placed  moles  into 
Microsoft  who  had  introduced  Trojans 
into  Windows  XP.  Though  denied  by  the 
company,  think  of  the  potential  impact. 

The  IT  field  is  one  of  the  most  interna¬ 
tional  and  ethnically  diverse  in  this  coun¬ 
try,  and  its  members . . .  may  represent 
a  very  attractive  recruitment  pool  for  ter¬ 
rorist  organizations. 
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There's  a  Dell  PowerEdge  server 
for  every  kind  of  business. 

From  “kind  of  start  up"  to  "kind  of  FORTUNE  500?" 


No  matter  the  size  of  your  company,  we've  got  a  server  that  fits.  Dell  PowerEdge  servers  with  Windows®  2000  Server  have  many  amazing 
"abilities":  scalability,  availability,  manageability  and  serviceability.  So  they  grow  with  your  business,  minimize  downtime,  are  easy  to  integrate  and 
even  easier  to  support.  No  matter  what  your  business  needs  -  from  file/print  to  database  management  -  you  can  choose  a  PowerEdge1"  server  with 
Microsoft®  Windows®  2000  Server  operating  system  that  is  right  for  you.  And,  by  dealing  direct  with  Dell,  you  get  a  system  customized  to  fit  your  business 
needs,  at  an  affordable  price,  backed  by  our  award-winning  service  and  support.  It's  a  nice  mix  of  exactly  the  server  you  need  with  exactly  the  operating  system  you  want. 

Dell  Rated  #1  in  Intel  Server  Satisfaction 

Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

3rd  Quarter 
-  December  2001 
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PowerEdge™  1500SC  Server 

NEW  Simple  and  Strong  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  4GB) 

•  18GB5  (10K  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Gigabit  NIC 

•  1-Yr  Next  Business  Day  On-Site  Service)  1-Yr  Limited  Parts 
Warranty,'  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 


$1299 


QuickLoan:  $35/mo„  48  mos” 

©E-VALUE  Code: 

1 


'11070-290412 


Recommended  upgrades: 

•  NEW  PowerConnect"  2124*  24-Port  Unmanaged  Switch 
with  Gigabit  Port,  add  $299 

•  System  Including  Small  Business  Server  2000  and 
Memory  Upgrade  to  256MB  is  $2699 


PowerEdge™  1650  Server 

NEW  Highly  Available  1U  Rack-Optimized  GP  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  4GB) 

•  18GBS  (1  OK  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Dual  Embedded  Gigabit  NICs 

•  Hot-Plug,  Redundant  Cooling  Fans 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  Optional  Redundant  Power  Supplies 

•  3-Yr  Next  Business  Day  On-Site  Service3 


$1699 © 


QuickLoan:  $45/mo.,  48  mos!' 

E-VALUE  Code: 
11070-290416 


Recommended  upgrade: 

•  System  Including  Windows'  2000  Server  is  $2499 


PowerEdge™  2500  Server 


PowerVault™  PV715N  Storage 


Robust  and  Scalable  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  6GB) 

•  18GB5  (1  OK  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Intel®  10/100  NIC 

•  Hot-Plug,  Redundant  Cooling  Fans 

•  Optional  Hot-Plug,  Redundant  Power  Supplies 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  3-Yr  Next  Business  Day  On-Site  Service3 


$1899 


QuickLoan:  $50/mo„  48  mos'.' 

©E-VALUE  Code: 

1 


'11070-290418 


Recommended  upgrades: 

•  PowerConnect"  3024*  24-Port  Managed  Switch,  add  $699 

•  System  Including  Windows®  2000  Server  is  $2699 


NEW  NAS  File  Sharing  Storage 

•  Offloads  Storage  Load  from  Desktops  and  Sewers 

•  Snap  Shot  Capability  for  Backing  up  Network  Data 

•  Intel®  Celeron®  Processor  at  900MHz 

•  256MB  SDRAM  (up  to  512MB) 

•  160GB  IDE  Hard  Drive  -  Four  40GB  Bays 

•  Dual  10/100  Ethernet  Ports 

•  SCSI  Port  for  Local  Backup 

•  Multi-Platform  Support  of  PC,  Unix,  Apple,  and  Novell 

•  Powered  by  Windows®  Operating  System 

•  1-Yr  Next  Business  Day  On-Site  Service)  3-Yr  Limited  Parts 
Warranty)  Lifetime  24x7  Dedicated  Server  Phone  Tech  Support 


$1799  o 


QuickLoan:  $48/mo„  48  mos!' 

E-VALUE  Code: 

11 070- 29041 7n 


pentium®/// 


Servers  for  any  size  business.  Easy  as 
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COMPUTERWORLD  April  8, 2002 


Here  are  the  tales  of  three  trail- 
blazers  whose  work  in  computer 
security  and  forensics  have 
helped  shape  modem  practices. 

By  Deborah  Radcliff 


standard  for  computer  forensics  now 
used  by  law  enforcement  agencies 
around  the  nation. 

And  there’s  Dorothy  Denning,  a  dis¬ 
tinguished  computer  science  professor 
at  Georgetown  University  in  Washing¬ 
ton,  whose  writings  have  set  the  stage 
for  information  security  practitioners 
for  the  past  27  years. 

Fight  of  Her  Life 


SECURITY 


s  far  back  as  the  1970s, 
three  women  began 
preparing  the  world  for 
the  havoc  about  to  be 
unleashed  by  networked 
computing.  From  their  humble  origins 
in  law  enforcement  and  academia,  their 
influence  on  computer  security  prac¬ 
tices  has  spread  to  government  and  pri¬ 
vate  sector  alike  —  despite  the  fact  that 
two  of  the  women  had 
virtually  no  IT  or  scientific 
backgrounds. 

These  security  pioneers  include 
Martha  Stansell-Gamm,  a  former  U.S. 
Air  Force  judge  advocate  who  started 
an  arduous  fight  against  breast  cancer 
as  she  took  over  leadership  of  the  then 
8-year-old  Computer  Crime  and  Intel¬ 
lectual  Property  section  of  the  U.S. 
Department  of  Justice  (DOJ). 

While  developing  the  DOJ’s  foren¬ 
sics  procedures  for  search  and  seizure 
of  electronic  evidence,  Stansell-Gamm 
crossed  paths  with  Raemarie  Schmidt, 
who  developed  digital  forensics  proce¬ 
dures  for  Wisconsin’s  branch  of  the 
DOJ.  Schmidt’s  work  helped  set  the 


For  eight  years,  Stansell-Gamjn  part¬ 
nered  with  her  department  chief,  Scott 
Charney,  to  grow  the  Computer  Crime 
and  Intellectual  Property  section  of 
the  DOJ.  Logically,  Stansell-Gamm  was 
the  best  choice  to  fill  Charney’s  shoes 
when  he  left  the  department  in  1999. 
But  the  same  week  she  learned  of  her 
promotion,  she  received  news  of  a 
different  sort:  She  was  diagnosed  with 
advanced  breast  cancer. 

The  department  was  already  smart¬ 
ing  from  the  loss  of  its  founder,  and 
Stansell-Gamm  worried  about  what 
would  happen  to  her  unit  during  this 
leadership  vacuum. 

“All  I  could  do  is  put  one  foot  in 
front  of  the  other,  count  on  the  section 
to  do  right  by  me  and  to  do  right  by 
our  mission,”  she  says.  “Everyone  just 
handled  it.  They  jumped  into  unfin¬ 
ished,  high-level  projects  they  had  no 
experience  with  and  took  over  what 
needed  to  be  done.” 

Now  cancer-free,  she’s  been  back  on 
the  job  for  two  years,  leading  the  DOJ’s 
efforts  in  multijurisdictional  computer 
crime  investigations  and  coordinating 
DOJ  representation  in  developing  in¬ 
ternational  cyberlaws.  The  biggest  and 
most  difficult  part  of  her  job,  she  says, 
is  getting  all  the  players  —  corporate 
victims,  law  enforcement,  state  attor¬ 
neys  and  intelligence  agencies  —  to 
“kick  the  ball”  to  one  another. 

“We’re  like  a  bunch  of  5-year-olds 


ecunty 

endnels 


WHO  IS  SHE? 

Martha 

Stansell-Gamm 

Position:  Chief,  Intellectual  Property 
and  Computer  Crime,  DOJ 

Education:  Phi  Beta  Kappa,  DePauw 
University,  Greencastle,  Ind.;  law  de¬ 
gree,  Georgetown  University;  master’s 
in  international  law,  Harvard  University 

Claims  to  fame: 

■  Helped  shape  amendments  to  the 
1986  Computer  Fraud  and  Abuse  Act 

■  Group  chairwoman  and  editor. 

Federal  Guidelines  for  Searching  and 
Seizing  Computers,  1994 

■  U.S.  representative  in  Council  of  Eu¬ 
rope’s  Cybercrime  Treaty,  1992-2001 

■  Coordinated  the  DOJ’s  participation 
in  many  high  profile  investigations, 
starting  with  the  investigation  that 
landed  computer  cracker  Kevin  Mitnick 
behind  bars  in  February  1995 


playing  soccer,  where  we  all  huddle 
around  the  ball,”  says  Stansell-Gamm, 
who  was  a  soccer  mom  when  her  three 
kids,  now  teens,  were  younger.  “At 
public  speaking  engagements,  I  tell 
audiences  that  we  need  to  position  our¬ 
selves  on  the  field  and  pass  the  ball.” 

That  type  of  statement  is  typical  of 
Stansell-Gamm,  says  Charney,  who 
became  Microsoft  Corp.’s  chief  securi¬ 
ty  officer  April  1.  “She  sees  the  com¬ 
plexity  of  each  issue,”  he  explains  of 
her  leadership  from  1994  to  1996  in 
amending  the  sentencing  guidelines  to 
the  1984  Computer  Crime  and  Abuse 
Act.  “For  example,  she  recognizes  that 
enforcing  new  laws  on  the  Internet 
could  chill  free  speech,  so  she  has  been 
careful  not  to  turn  evolving  social 
mores  on  the  Internet  into  definitions 
of  criminal  activity,”  he  says. 

Forensics  Forerunner 

Working  law  enforcement  investiga¬ 
tions  in  the  mid-1990s  was  an  exciting 
time  for  Schmidt,  a  digital  forensics 
pioneer  and  supervisor  of  curriculum 
development  for  the  computer  crimes 
section  at  the  National  White  Collar 
Crime  Center  in  Fairmont,  WVa. 

“We’d  go  in  behind  the  raid  team  and 
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Who:  RAEMARIE  SCHMIDT 

Position:  Supervisor,  curriculum 
development,  computer  crime  sec¬ 
tion,  National  White  Collar  Crime 
Center,  Fairmont,  W.Va. 
(www.cybercrime.org) 

Education:  Bachelor's  degree  in 
chemistry,  University  of  Wisconsin 

Claims  to  fame: 

■  Chaired  the  DOJ’s  working  group 
to  develop  digital  evidence  seizure 
and  processing  protocols  for  the 
state  of  Wisconsin 

■  Assisted  on  search  warrants  and 
laboratory  forensics  examinations 
for  the  Wisconsin  State  Crime  Lab 
and  the  National  White  Collar  Crime 
Center  from  1992  to  1999 

■  Trainer  at  the  Federal  Law  En¬ 
forcement  Training  Center,  state 
agencies,  NATO  and  the  American 

Academy  of  Foren¬ 
sics  Science 
■  Oversees  curricu¬ 
lum  development  at 
the  National  White 
Collar  Crime  Center 


Who:  DOROTHY  DENNING 

Position  Distinguished  professor, 
computer  science,  Georgetown 
University 

Education  Bachelor’s  and  master’s 
degrees  in  mathematics,  University 
of  Michigan;  doctorate  in  computer 
science,  Purdue  University 

Claims  to  fame: 

■  Founder  of  Georgetown’s  Institute 
for  Information  Assurance 

■  Writer  on  encryption,  intrusion 
detection,  information  warfare 
and  many  other  must-reads  for  IT 
security  leaders 

■  Awards  include  Security  Innovator, 
Time  magazine,  2001;  TechnoSecu- 
rity  Professional  of  the  Year,  2000; 
National  Computer  Systems  Security 
Award,  1999 

■  Association  for 
Computing  Machin¬ 
ery  (ACM)  fellow, 
1999;  ACM  Recog¬ 
nition  of  service 
award,  1985, 1987, 
1989, 1994, 1995 


use  an  early  precursor  to  the  Jazz  and 
Zip  drives  to  make  evidentiary  backups 
from  parallel  port  to  parallel  port.  We 
had  to  do  this  without  shutting  down 
the  legitimate  business  completely,” 
she  says.  “And  in  home  searches,  you’d 
walk  into  a  disaster  zone  —  cables, 
equipment  and  floppies  everywhere.” 

Before  getting  into  computer  investi¬ 
gations,  Schmidt  tested  drugs  for  20 
years,  first  for  a  pharmaceutical  com¬ 
pany  and  then  for  law  enforcement, 
where  she  set  up  the  drug  testing  facil¬ 
ity  for  the  Wisconsin  State  Crime  Lab 
in  Milwaukee.  That’s 
where  she  discovered  her 
knack  for  technology,  link¬ 
ing  laboratory  testing  in¬ 
struments  to  early  Unix 
systems  in  the  late  ’80s  by 
soldering  on  the  cable  con¬ 
nectors  herself. 

So  when  her  boss  re¬ 
turned  from  a  seminar  in 
1992  and  charged  Schmidt  with  devel¬ 
oping  a  computer  forensics  depart¬ 
ment,  she  approached  it  scientifically 
and  technologically.  She  used  her  sci¬ 
ence  skills  to  turn  the  ad  hoc  process 
of  computer  investigations  into  a  mod¬ 
ern-day  forensics  practice.  Then  she 
used  her  technological  prowess  to 
track  down  computer  vulnerabilities 
and  technologies  to  aid  investigators. 

Now,  as  supervisor  of  curriculum 
development,  she’s  overhauling  old 
courses  and  adding  new  ones,  along 
with  hiring  and  screening  contractors 
and  investigators  and  overseeing  in¬ 
structor  development.  And  she’s  still 
researching  the  ways  new  technologies 
will  be  used  in  crimes. 

“In  the  last  year,  we’ve  really  only 
seen  the  tip  of  the  iceberg  in  digital 
forensics,”  says  Chris  Stippich,  co¬ 
founder  of  Digital  Intelligence  Inc.  in 
Waukesha,  Wis.,  who  worked  with 
Schmidt  at  both  the  Wisconsin  State 
Crime  Lab  and  the  National  White 
Collar  Crime  Center.  “I  think  Rae- 
marie’s  going  to  continue  to  be  at  the 
forefront,  pushing  the  envelope  on  the 
discipline  of  digital  forensics.” 

The  Security  Mentor 

The  relationship  between  comput¬ 
ing  subsystems  and  user  access  to 
resources  intrigued  Denning  in  the 
1970s.  She  wrote  her  doctoral  thesis  on 
secure  information  flow  in  1975,  some 
20  years  before  colleges  were  thinking 
about  information  security  courses. 

“The  topic  of  my  thesis  was  how  to 
keep  top-secret  data  from  reaching  an 
uncleared  user,  which  was  a  challeng¬ 
ing  problem  for  the  Department  of 
Defense,  who  wanted  all  levels  of  users 


“These  women  share  the 
common  goat  of  building 
secure  and  healthy  net¬ 
works  and  doing  the 
right  thing  to  get  there.” 

-  Howard  Schmidt,  co-chair. 
President's  Critical  Infra¬ 
structure  Protection  Board 


to  share  the  same  computer,”  she  says. 

After  publishing  her  thesis,  Denning 
kept  writing.  Since  then,  her  120  arti¬ 
cles,  three  books  and  television  and 
radio  appearances,  along  with  con¬ 
gressional  testimonies,  are  the  basis  for 
much  of  today’s  thinking  on  IT  security. 

“She’s  become  a  mentor  for  those  of 
us  who  are  operational  in  the  field, 
even  though  she’s  an  academic,”  says 
Howard  Schmidt,  co-chairman  of  the 
President’s  Critical  Infrastructure 
Protection  Board  in  Washington.  “Her 
writings  give  me  a  balance,  particularly 
those  on  information  war¬ 
fare,  intrusion  detection, 
and  even  her  unpopular 
belief  on  the  Clipper  chip 
and  encryption-key  es¬ 
crow,”  he  says,  referring  to 
when  Denning  positioned 
herself  on  the  side  of  the 
government  for  these  col¬ 
lection  and  recovery  initia¬ 
tives.  When  she  did,  the  outcry  was 
deafening. 

“The  attacks  were  very  personal,” 
she  says.  “I  had  new  names,  like 
‘Wicked  Witch  of  the  East.’  I  would 
come  home  very  stressed  out.” 

Denning  coped  by  doing  more  re¬ 
search,  even  polling  Howard  Schmidt 
and  others  about  the  impacts  of  en¬ 
cryption  on  evidence  recovery.  She 
also  responded  in  forums,  including  a 
July  1996  HotWired  “Brain  Tennis” 
match  with  John  Gillmore,  co-founder 
of  the  San  Francisco-based  Electronic 
Frontier  Foundation.  Eventually,  as 
the  government’s  proposals  failed  and 
Denning  took  a  position  in  favor  of 
easing  encryption  export  laws,  the 
criticism  died  down. 

As  Howard  Schmidt  says,  Denning’s 
position  is  all  about  balance.  She  talks 
of  the  balance  between  computer  secu¬ 
rity  and  operability,  something  that 
made  her  quit  her  job  in  the  early  ’80s 
at  Menlo  Park,  Calif.-based  SRI  Inter¬ 
national  Inc.,  where  her  responsibili¬ 
ties  included  trying  to  secure  databas¬ 
es.  She  left  for  a  position  at  Digital 
Equipment  Corp.  that  focused  on  us¬ 
ability.  Denning  continues  to  analyze 
trends  in  network  attacks  for  signs  of 
terrorist  activity. 

“People  want  to  know  if  cyberterror¬ 
ism  is  going  to  happen  and  when  it  will 
happen,”  she  says.  “It’s  hard  to  know 
because  it’s  speculative.”  I 


Quick 

Link 


For  links  to  more  information  about 
these  women,  visit: 
www.computerworld.com/q?28313 
Nancy  Wong  was  recruited  by  the 
National  Security  Agency  to  help  set  up  the  White 
House's  Critical  Infrastructure  Assurance  Office.  Learn 
more  about  her  at  www.computerworld.corn/q?28567 
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CSE  Concerns 
ankle  IT  Pros 

Despite  the  fact  that  Microsoft  did  an  about-face 
last  fall  and  will  continue  honoring  MCSE  NT  4.0 
certifications,  many  IT  professionals  are  still  miffed 
about  its  credential  requirements.  By  Julekha  Dash 


Months  of  confusion  re¬ 
garding  Microsoft  Corp.’s  po¬ 
sition  on  its  Windows  NT  4.0 
certification  exam  have  left 
some  IT  professionals  feel¬ 
ing  uncertain  about  the  fu¬ 
ture  of  their  credentials. 

In  2000,  the  software  maker  an¬ 
nounced  that  the  Microsoft  Certified 
Systems  Engineer  (MCSE)  NT  4.0  cer¬ 
tification  would  expire  by  the  end  of 
2001  and  that  IT  professionals  certified 
on  NT  4.0  would  have  to  upgrade  to 
Windows  2000  in  order  for  their  certi¬ 
fications  to  remain  valid.  Some  critics 
saw  this  as  an  attempt  to  strong-arm 
IT  workers  and  the  industry  at  large  to 
migrate  to  Windows  2000. 

In  response  to  these  complaints,  Mi¬ 
crosoft  reversed  its  position  in  Octo¬ 
ber.  But  in  spite  of  the  turnaround, 
some  IT  workers  say  they  are  still 
wary  of  the  company’s  policy  regard¬ 
ing  certification  exams. 

Certification  Bandwagon 

“A  lot  of  people  jumped  onto  the  cer¬ 
tification  bandwagon  in  hopes  of  fin¬ 
ishing  the  MCSE  certification  within 
six  to  nine  months  or  a  year,”  says  Matt 
Pierce,  a  network  administrator  at 
Saferent  Inc.,  a  Denver-based  company 
that  provides  applicant-screening  ser¬ 
vices  for  apartment  communities.  But 
when  Microsoft  announced  it  would 
retire  the  NT  4.0  exams,  some  IT 
workers  abandoned  the  idea  of  getting 
certified  in  a  technology  that’s  on  its 
way  out,  he  says. 

Then,  when  Microsoft  reversed  its 
decision  and  said  it  wouldn’t  retire  NT 
TO,  IT  professionals  lost  valuable  time 
that  they  could  have  spent  preparing 


for  the  NT  4.0  exams,  Pierce  adds. 

One  compromise  Microsoft  offered 
until  the  end  of  last  year  was  an  accel¬ 
erated  Windows  2000  track  for  those 
who  had  passed  three  NT  4.0  exams.  If 
an  IT  worker  were  to  pass  a  one-shot 
examination,  he  could  forgo  the  nor¬ 
mal  four  core  exams  —  and  become 
certified  in  Windows  2000.  Three  elec¬ 
tive  exams  were  also  required  in  either 
case.  But  Microsoft  stopped  offering 
the  one-shot  exam  in  December  of  last 
year  (see  timeline). 

Garrette  Slonacher,  a  network  engi¬ 
neer  at  Response  Computer  Group  Inc. 
in  Milford,  Del.,  failed  the  accelerated 
exam  in  December.  Slonacher  says  he 
“doesn’t  have  time  to  study  five  hours 
a  night”  in  addition  to  working  and 
spending  time  with  his  family.  His 
employer  spent  $10,000  to  send  him  to 
an  MCSE  “boot  camp”  to  prepare  for 
the  MCSE  NT  4.0  exams. 

Slonacher  says  he  was  shocked  when 
he  heard  that  Microsoft  would  retire 


MCSE  Timeline 


the  certifications.  “I  didn’t  think  I’d 
lose  the  certification,”  he  says.  “If  you 
get  a  degree  in  electronic  engineering, 
you  don’t  lose  the  engineering  degree 
because  of  new  technology.” 

Even  though  Microsoft  decided  not 
to  retire  the  MCSE  NT  4.0  credential, 
Slonacher  is  skeptical  as  to  how  long  it 
will  be  recognized  before  Microsoft 
begins  pushing  newer  technologies 
such  as  .Net  instead  of  Windows  2000. 

“Everybody  is  still  overwhelmed  by 
Win  2k  and  Active  Directory,  even 
though  [they  have  been]  out  for  a  long 
time,”  says  Pierce.  As  Microsoft  intro¬ 
duces  new  platforms,  such  as  .Net  and 
XP,  it’s  difficult  to  keep  up  with  every 
new  technology,  he  says. 

Anne  Marie  McSweeney,  director  of 
certification  skills  and  assessment  at 
Microsoft,  says  the  company  decided 
in  October  that  it  wouldn’t  “decertify” 
any  other  Microsoft  certificate  hold¬ 
ers.  “People  in  the  program  can  be  as¬ 
sured  that  they  are  [certified]  for  life,” 
she  adds. 

A  Change  of  Heart 

David  Sanders,  general  manager  of 
Management  Systems  Designers  Inc. 
in  Vienna,  Va.,  applauds  Microsoft  for 
reversing  its  decision  last  fall.  This 
change  of  heart  allows  companies  and 
IT  professionals  greater  flexibility  to 
use  the  technologies  with  which  they 
are  most  comfortable,  says  Sanders, 
whose  company  is  a  certified  Micro¬ 
soft  Solution  Provider  that  does  high- 
tech  work  for  federal  agencies. 

Although  some  larger  companies 
have  specified  that  they  want  to  hire 
people  who  are  certified  in  the  latest 
versions  of  Windows,  NT  is  still  very 
popular,  notes  Sanders.  “When  you 
look  at  the  business  community,  NT 
and  derivatives  still  dominate,”  he  says. 

Yet  some  analysts  think  getting  re¬ 
certified  is  the  only  way  to  stay  com¬ 
petitive  in  the  technology  industry.  “If 


BOTTOMING  OUT 
ON  BONUS  PAY 

According  to  a  new  report  from  Foote  Part¬ 
ners  LLC,  bonuses  for  Windows  NT  special¬ 
ists  dropped  41%  from  the  first  quarter  to 
the  fourth  quarter  of  last  year,  due  primarily 
to  a  combination  of  layoffs,  a  decline  in  de¬ 
mand  for  NT  specialists,  and  cuts  in  spend¬ 
ing  on  servers  and  PCs. 


PERCENTAGE  OF  BONUS  PAY 
DECLINE  IN  2001 


SKILL  TYPE 

4QVS. 

3Q 

4QVS. 

IQ 

ATM 

33% 

50% 

Cc:Mail 

29% 

44% 

Windows  NT 

17% 

41% 

Routing 

18% 

40% 

PowerBuilder 

17% 

38% 

Lawson  Software 

11% 

38% 

J.D.  Edwards 

11% 

38% 

HTTP 

25% 

33% 

lOBase-T  switching 

20% 

33% 

Ethernet 

22% 

30% 

SOURCE  •'2002  TREND  REPORT:  TECHNICAL  SKILLS  AND 
CERTIFICATION  PAY."  FOOTE  PARTNERS  LLC.  NEW  CANAAN. 
CONN. 

you  play  in  this  game,  there  is  a  con¬ 
stant  recertification  process,”  says 
Dave  Murphy,  membership  director  at 
the  International  Association  of  Infor¬ 
mation  Technology  Trainers  Ltd.  in 
Elkridge,  Md.  And  if  Microsoft  decides 
to  retire  a  particular  certification,  peo¬ 
ple  can  simply  explain  on  their  re¬ 
sumes  that  they  were  “certified  until 
Microsoft  canceled  the  exam,”  he  adds. 

The  best  move  for  time-pressed  IT 
workers  is  to  be  selective  about  their 
Microsoft  certifications,  says  Pierce. 
“There  is  no  need  to  be  certified  in 
everything  Microsoft  does.  It’s  not  re¬ 
alistic,”  he  says.  “Companies  are  not 
always  quick  to  jump  on  the  latest  Mi¬ 
crosoft  product  until  multiple  service 
packs  have  been  released  and  the  bugs 
have  been  eliminated.” 

In  addition,  says  Pierce,  IT  workers 
would  be  better  prepared  in  the  mar¬ 
ketplace  if  they  broadened  their  skills 
by  getting  certified  through  other  ven¬ 
dors  or  organizations.  I 


Dash  is  a  freelance  writer  in  Lewes, 

Del.  She  can  be  reached  at  mail@ 
julekhadash.com 

To  read  other  Computerworldsiories 
about  Microsoft  Certified  Systems 
Engineers,  visit  our  Web  site:  www. 
computerworld.com/q?28366 


FALL  1999  -< - 

Microsoft  announces  that  IT 
workers  who  hold  MCSE  NT 
4.0  certification  must  pass 
Windows  2000  exams  by 
Dec.  31, 2001,  or  lose  their 
certification.  The  company 
also  says  that  it  will  retire  all 
Windows  NT  4.0  exams  at  the 
end  of  2000. 


DECEMBER  2000  - 

Microsoft  extends  the  certifi¬ 
cation  deadline  from  Decem¬ 
ber  2000  to  February  2001. 
Redmond  also  announces  that 
it  will  offer  a  one-shot  compre¬ 
hensive  exam  that  allows 
users  to  upgrade  from  NT  to  a 
Windows  2000  MCSE  without 
taking  the  four  core  exams. 


OCTOBER  2001  -< - 

In  response  to  complaints,  Mi¬ 
crosoft  backtracks  on  its  certi¬ 
fication  stance  and  decides 
not  to  retire  the  MCSE  NT  4.0 
credential. 
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While  early  adopters  of  enterprise  portals 
know  what  kind  of  functionality  they  want 
out  of  these  systems,  many  organizations 
are  still  struggling  with  how  best  to 
measure  their  benefits.  By  Pimm  Fox 


WHATEVER  YOUR  VIEW  of 
enterprise  portals  —  and 
there  are  as  many  opin¬ 
ions  as  there  are  IT  infra¬ 
structures  —  the  concept 
of  centralizing  the  location  of  perti¬ 
nent  information  and  transactions  is  a 
solid  one. 

Portals  can  be  valuable  tools  for 
enhancing  business  processes. 

Anadarko  Petroleum  Corp.  in  The 
Woodlands,  Texas,  uses  software  from 
Pleasanton,  Calif. -based  PeopleSoft 
Inc.  to  make  pay  stubs  available  to  em¬ 
ployees  electronically,  thus  cutting  its 
postage  and  processing  fees. 

AmeriKing  Inc.,  the  largest  indepen¬ 
dent  Burger  King  Corp.  franchisee  in 
the  U.S.,  uses  a  portal  from  San  Fran¬ 
cisco-based  Plumtree  Software  Inc.  to 
give  its  dispersed  employees  access  to 
corporate  performance  data. 

At  Westchester,  Ill.-based  Ameri¬ 
King,  inventory  reports,  sales  and  fi¬ 
nance  data,  human  resources  informa¬ 
tion,  e-mail  and  corporate  documents 
are  all  available  on  a  personalized, 
Web-based  desktop.  Indeed,  company 
officials  estimate  that  the  portal  saves 
the  firm  about  $500,000  per  year  on  re¬ 
duced  printing  and  distribution  costs 
for  things  such  as  physician  directo¬ 
ries,  employee  profiles  and  employee 
contact  information. 

The  portal  also  allows  AmeriKing 


employees  to  change  personnel  infor¬ 
mation  about  themselves  to  their 
employment  and  benefits  files  —  thus 
helping  to  cut  the  company’s  human 
resources  costs. 

But  to  extract  these  kinds  of  returns 
from  a  portal  requires  specific  plan¬ 
ning  on  the  part  of  business  managers 
—  not  just  IT  personnel. 

“There  are  three  overarching  com¬ 
ponents  to  a  portal  strategy,”  says  Laura 
Ramos,  research  director  at  Giga  Infor¬ 
mation  Group  Inc.  in  San  Jose.  “First, 
you  have  to  define  who  is  going  to  use 
the  portal,  then  you  need  to  look  at 
what  you  currently  have  in  the  way  of 
IT  infrastructure,  and  finally,  you  need 
to  measure  the  payback  —  the  before 
and  after.” 

The  Breakdown 

But  while  companies  may  know 
what  they  want  their  portals  to  deliver 
and  may  even  have  a  concrete  assess¬ 
ment  of  their  IT  structure,  they’re  still 
grappling  with  how  to  measure  their 
returns.  A  study  published  by  Cam¬ 
bridge,  Mass.-based  Forrester  Research 
Inc.  in  August  2001  revealed  that  41% 
of  49  portal  managers  from  Global 
3,500  firms  using  portals  weren’t  mea¬ 
suring  their  benefits  at  all,  and  “20% 
don’t  know  if  they  are,”  says  Frank 
Gillett,  a  Forrester  analyst  (see  chart). 

Keeping  measurement  in  mind, 


portals  by  definition  need  to  identify 
specific  user  groups  that  will  benefit 
from  their  content  or  available  appli¬ 
cations.  Once  a  portal  use  is  identified, 
there  are  four  basic  categories  of  por¬ 
tal  products  to  consider. 

Companies  such  as  BEA  Systems 
Inc.,  IBM,  Sun  Microsystems  Inc.’s 
iPlanet  division  and  Oracle  Corp.  all 
offer  tools  for  building  portals,  be¬ 
cause  some  users  see  the  need  to 
modify  existing  applications  or  need 
additional  customization  in  order  to 
meet  the  portal’s  requirements. 

A  second  category  includes  tra¬ 
ditional  enterprise  resource  planning 
vendors,  such  as  PeopleSoft,  SAP  AG 
and  Siebel  Systems  Inc. 

A  third  category  is  defined  by 
knowledge  and  content  management 
vendors,  such  as  Redwood  City,  Calif.- 
based  BroadVision  Inc.,  Microsoft 
Corp.’s  SharePoint  Portal  Server  and 
Austin-based  Vignette  Corp. 

Finally,  there  are  pure  portal  compa¬ 
nies,  such  as  Plumtree  and  San  Fran¬ 
cisco-based  Epicentric  Inc. 

Keys  to  Success 

The  technical  challenge  of  assem¬ 
bling  the  power  of  many  back-end 
applications  and  information  at  one 
location  doesn’t  appear  to  be  a  major 
factor  in  the  success  of  enterprise 
portals.  Instead,  the  problem  right  now 
is  a  leap  of  faith. 

“[For]  large  corporations  [that]  have 
started  their  portal  efforts,  it’s  a  com¬ 
petitive  advantage,”  says  Nate  L.  Root, 
an  analyst  at  Forrester.  They  have  to 
“get  very  detailed  about  who  goes  to 
use  it  and  why,”  he  says. 

Those  issues  are  supported  by  a 
Web-based  survey  of  Fortune  2,000 
companies  conducted  in  December 
and  January  by  Redwood  City,  Calif.- 
based  Enviz  Inc.  Of  the  156  IT  leaders 
who  responded,  70%  acknowledged 
that  they  couldn’t  measure  where  and 
why  visitors  leave  a  business  process 
at  a  portal.  And  when  asked  how  they 
measure  the  return  on  investment  of 
their  portals,  the  majority  of  respon¬ 
dents  said  they  don’t  measure  it. 

The  key,  say  analysts,  isn’t  to  focus 
on  the  technology  but  to  evaluate 
current  business  practices  to  see  what 
kinds  of  information  are  delivered  and 
where  a  process  can  be  made  more 
efficient  with  self-service  techniques. 
Without  this  approach,  enterprise 
portals  will  end  up  as  rudderless  IT 
projects.  ► 


I  llllTHT  For  links  to  other  stories  on 

-I  portals,  go  to  www.computer 

L  world.com/q?28362 


Portal 

Payback 

How  are  you  measuring  the 
benefits  of  enterprise  portals?* 


We  aren’t 

41% 

Don’t  know 

20% 

Cost  analysis 

16% 

Web  site/log  files 

8% 

User  surveys 

6% 

R0I  analysis 

6% 

Measure  latency  of  a  task 

4% 

Number  of  IT  requests 

4% 

HWhat  information,  news,  data 
and  activities  are  in  the  portal?* 


Benefits  information 

82% 

Company  news 

78% 

Employee  directory 

53% 

Education  and  training 

49% 

Departmental  information 

37% 

Personnel  info  updates 

35% 

Company  forms 

33% 

Financial  news 

27% 

Sales  information 

24% 

Payroll  adjustments 

24% 

Industry  news 

20% 

Collaborative  tools 

16% 

Online  IT  help  desk 

16%  j 

Travel  booking 

14% 

E-mail 

12% 

HWhat  is  the  total  cost  - 
products,  staff,  consultants  - 
of  your  initial  portal  effort?* 


COMPLETED  PORTALS 

Maximum  spent 

S2.5M 

Mean  spent 

$657,368 

Median  spent 

$300,000 

Minimum  spent 

$20,000 

PUNNED  PORTALS 

Maximum  budget 

$5M 

Mean  budget 

S2.03M 

Median  budget 

SIM 

Minimum  budget 

$25,000 

*  MULTIPLE  RESPONSES  ALLOWED 

SOURCE  A  STUDY  CONDUCTED  BY  FORRESTER 
RESEARCH  INC..  CAMBRIDGE,  MASS. .IN  WHICH  49  PORTAL 
MANAGERS  AT  GLOBAL  3.500  COMPANIES  WERE  INTER¬ 
VIEWED  RESULTS  WERE  PUBLISHED  IN  AUGUST  2001. 
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This  is  the  FOREMAN 

That  placed  the  Order 

That  went  through  the  Dealer 

That  notified  Contracts 

That  alerted  Manufacturing 

That  checked  with  Accounting 

That  contacted  Shipping 

That  sent  the  Delivery 

That  sealed  the  Process 

That  lives  in  the  Business  Integration  Software 

That  we  built  Together. 
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CrossWorlds  has  joined  with  IBM  to  provide 
comprehensive  business  integration  from  your 
first  step  to  the  finish.  Our  technology  powers  WebSphere®  to  not  only 
just  connect  your  applications  —  but  make  all  your  processes  work 
together.  For  the  whole  story,  visit  ibm.com/websphere/crossworlds 
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Why  Rookie  IT  Managers 
Make  Classic  Blunders . . . 


. . .  and  how  you  can  help  them  succeed.  A  Harvard 

Business  Review  writer  offers  some  suggestions 


New  managers  often  fail  for  predictable 
reasons.  In  this  month’s  Harvard  Busi¬ 
ness  Review,  Carol  A.  Walker  tells  how 
good  supervisors  can  help  rookie  man¬ 
agers  avoid  the  obstacles 
that  so  often  trip  them  up. 

Walker  is  president  of  Pre¬ 
pared  to  Lead  (www. 
preparedtolead.com),  a 
management  consulting  firm 
in  Weston,  Mass.  She  previ¬ 
ously  worked  for  15  years  as 
an  executive  in  the  insur¬ 
ance  and  technology  indus¬ 
tries.  Walker  told  Computerworld’s 
Kathleen  Melymuka  that  these  observa¬ 
tions  and  lessons  apply  especially  to  IT, 
where  the  work  of  individual  contribu¬ 
tors  and  managers  is  hugely  different. 

Q:  Why  do  so  many  rookie  IT  managers  fail? 

A:  Managing  is  always  different  from 
doing,  but  in  IT,  the  difference  may  be 
even  greater  than  in  other  fields.  The 
reason  they  don’t  succeed  is  that  the 
difference  is  underappreciated.  They 
don’t  truly  understand  their  new  role 
and  how  they  should  be  spending  their 
time,  which  is  fundamentally  different. 

Q:  What  is  the  fundamental  difference? 

A:  It’s  the  difference  between  guiding 
processes  and  communicating  direc¬ 
tions  vs.  rolling  up  your  sleeves  and 
writing  code:  individualized  work 
vs.  communication. 

Q:  Why  do  new  managers  hesitate  to  ask 
for  help? 

A:  Rookies  are  already  feeling  vulnera¬ 
ble.  If  they’re  pretty  high  in  self-confi¬ 
dence,  they’re  more  likely  to  ask  for 
help,  but  many  don’t.  In  our  society, 
asking  for  help  tends  to  denote  weak¬ 
ness,  and  IT  is  a  field  where  people  are 
even  more  used  to  having  the  answers. 

Q-  As  the  rookie’s  boss,  how  can  I  tell 
whether  he  needs  help? 

A:  Observe  the  manager’s  interactions 
with  his  staff.  Find  opportunities  to 
talk  to  staff  independently  —  not  about 
■  ire  manager,  but  about  what’s  going  on 


in  the  department  and  how  clear  the 
objectives  are.  If  objectives  are  clear 
and  people  seem  focused,  he’s  proba¬ 
bly  doing  a  good  job. 

Q:  If  a  rookie  needs  help,  how 
can  I  show  that  it’s  OK  to  ask? 

A:  There’s  no  substitute  for 
communication.  Have  reg¬ 
ular  meetings  with  rookie 
managers  —  maybe  more 
frequently  in  the  beginning. 
Ask  probing  questions 
about  big-picture  issues. 

Q:  Why  do  new  IT  managers  often  find  it 
hard  to  delegate? 

A:  I  suspect  that  in  IT,  the  nature  of 
work  is  so  detail-oriented  that  it  at¬ 
tracts  a  certain  type  of  personality  that 
is  more  comfortable  with  high  degrees 
of  detail.  They  tend  not  to  like  to  give 
up  control,  and  delegating  is  a  matter 
of  trusting  and  giving  up  control. 

Q:  As  the  boss,  how  can  I  help? 

A:  Clarify  expectations.  Let  them  know 
the  expectation  is  not  that  they’re  do¬ 
ing  everything,  and  help  them  under¬ 
stand  that  this  is  a  huge  transition,  not 
a  little  thing.  Let  them  know  it’s  nor¬ 
mal  to  feel  they  may  be  not  as  produc¬ 
tive  as  they  used  to  be.  At  some  levels, 
it  may  be  still  part  of  their  job  that  they 
do  some  IT  work,  so  it’s  important  to 
talk  about  what  proportion  of  time  you 
expect  them  to  be  doing  this  sort  of 
thing  vs.  this  other  sort. 

Q:  You  say  many  rookie  IT  managers  have 
image  problems.  What  are  some  of  those? 

A:  The  issue  is  that  rookies  tend  to  not 
realize  the  influence  they  have  on  the 
people  looking  up  to  them  as  supervi¬ 
sors.  If  they  have  a  poor  reaction 
under  pressure,  if  they’re  short  with 
others,  or  roll  their  eyes  at  issues  that 
are  tiresome  or  lose  their  temper,  that 
demonstrates  to  the  team  that  that’s 
acceptable  behavior.  They  lack  aware¬ 
ness  that  every  behavior  they  demon¬ 
strate  is  telling  everyone  else  what 
is  acceptable. 


Q:  If  I  see  a  rookie  manager  doing  this,  what 
do  I  do  as  his  supervisor? 

A:  Often,  they’re  not  aware  of  the  be¬ 
havior.  Take  them  aside  and  raise  their 
consciousness:  “I’m  pretty  sure  you 
have  no  idea  you’re  doing  this,  but 
it’s  likely  to  have  this  impact  on  your 
staff.”  Let  them  know  that  people  ex¬ 
pect  a  sense  of  calmness  and  control 
from  a  leader. 

Q:  You  say  I  need  to  drag  new  IT  managers 
out  of  the  trenches.  But  aren’t  they  building 
rapport  with  the  troops  by  diving  in  to  fight 
the  fires? 

A:  Everything  in  moderation.  Depend¬ 
ing  on  the  level  of  management,  differ¬ 
ent  degrees  of  involvement  are  appro¬ 
priate.  In  true  emergencies,  it  may 
make  sense  to  roll  up  your  sleeves, 
but  it  can  become  very  comfortable  to 
fight  fires  because  it  feels  very  produc¬ 
tive.  It  can  become  the  norm,  and  then 
she’s  ignoring  the  direction  of  the  unit 


When  feedback 
is  delivered  in 
a  supportive 
manner,  it’s  the 
biggest  gift  they 
could  receive. 
It  allows  them 
to  grow. 

CAROL  A.  WALKER,  PRESIDENT, 
PREPARED  TO  LEAD 


This  is  the  latest  in 
a  series  of  monthly 
discussions  with 
authors  of  articles 
in  the  HARVARD 
BUSINESS  REVIEW 
on  topics  of  interest 
to  IT  managers. 
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and  strategy  and  thinking.  If  she’s  con¬ 
tinually  putting  out  fires,  she’s  also 
telling  her  staff  they’re  not  capable  of 
handling  that;  they  need  her  to  do  that. 

Q:  Some  rookies  say  strategic  thinking  is 
a  luxury  they  can’t  afford.  How  can  I  teach 
a  rookie  who  has  always  been  tactical  to 
begin  thinking  strategically? 

A:  Use  those  regular  communication 
sessions  to  pose  the  kinds  of  questions 
you  expect  them  to  be  able  to  answer. 
Like,  “What’s  the  competition  doing  in 
this  area?”  If  they  can’t  answer,  point 
out  that  this  is  the  difference  between 
a  boss  and  a  programmer  and  that  a 
certain  amount  of  their  time  needs  to 
be  spent  on  this. 

Show  them  what  you  expect  them 
to  be  on  top  of,  and  tie  it  to  promote 
ability.  Point  out  that  the  higher  in 
management  they  go,  the  more  they 
will  need  to  demonstrate  this  kind  of 
thinking,  and  you  want  to  give  them 
the  opportunity  to  practice  it. 

Q:  What  don’t  rookies  get  about  feedback? 

A:  When  feedback  is  delivered  in  a 
supportive  manner,  it’s  the  biggest  gift 
they  could  receive;  it’s  the  ability  to 
see  themselves  as  others  see  them.  It 
allows  them  to  grow.  And  people  don’t 
get  that.  Sometimes  feedback  is  not 
given  in  a  perfect  way,  and  then  people 
are  not  open  to  receiving  it. 

Q:  So  they  have  to  learn  to  give  and  receive 
feedback? 

A:  Yes.  And  as  in  a  dysfunctional  family, 
when  they  receive  feedback  given  in  a 
bad  way,  they  either  hesitate  to  give 
feedback  themselves  because  it  was 
so  negative  for  them  or  they  copy  the 
behaviors  they  see  and  give  their  own 
feedback  in  public  or  in  an  uncaring 
way  or  without  tying  it  to  success 
factors.  Feedback  is  a  touchy  issue. 
Whether  you  give  or  receive  it,  it  re¬ 
quires  an  environment  of  trust.  As  the 
boss,  you  have  to  demonstrate  how  to 
give  good  feedback. 

Q:  How  do  I,  as  the  rookie’s  boss,  negoti¬ 
ate  the  fine  line  between  coaching  and 
micromanaging? 

A:  If  you  set  up  that  regular  meeting 
time  to  talk  about  things,  you’re  not 
going  to  be  in  their  face.  Focus  on 
their  asking  and  your  answering 
questions. 

In  the  beginning,  they  may  not  be 
able  to  know  the  right  questions,  so 
you  ask  the  questions.  And  if  you  have 
to  raise  an  issue,  raise  it  in  the  form  of 
a  question:  “What  do  you  think  of  this 
area?”  —  not  “We’re  not  doing  enough 
in  this  area.”  > 


HP's  ultra-reliable  rp7410  and  rp8400  midrange 
UNIX®  servers. 

HP  midrange  servers  are  the  dependable  choice  for  your 
always-on  computing  needs.  With  the  lowest  total  cost  of 
ownership  in  the  midrange  server  space,  you'll  significantly 
reduce  costs  in  hardware,  management  and  administration. 
And  as  the  only  midrange  servers  available  today  that  can 
upgrade  to  the  future  Intel®  Itanium  "  Processor  Family,  they 
are  truly  the  servers  of  the  future. 

[  Find  out  why  HP  has  been  the  market  share  leader 
since  1 997.  Visit  www.hp.com/larae/ midrange 
and  request  your  free  HP  midrange  UNIX ®  Server 
white  papers  now.  ] 


invent 


Midrange  UNIX  server  market  share  leader  according  to  International  Data  Corporation{IDC)'s  Quarterly  Server  Tracker,  Q4CY2001,  published  March  8,  2002.  IDC  uses  price  points  to  differentiate  servers  into  entry-level  (which  is  up  to  $100,000), 
midrange  (which  is  $1 00,000-$  1  million)  and  high-end  (which  is  $1  million  and  above).  Itanium  is  a  trademark  and  Intel  is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trade¬ 
mark  of  The  Open  Group.  Offer  good  only  in  the  U.S.  ©2002  Hewlett-Packard  Company.  All  rights  reserved. 


BUSINESSCAREERS 


Dear  Career  Adviser: 

I  am  a  network  support/PC  technician  in  Michigan  who 
was  laid  off  in  December.  I  have  six  years'  experience , 
four  at  my  prior  employer,  where  I  earned  $43,000  per 
year.  While  my  earlier  compensation  wasn't  excessive,  in 
this  job  market  I  might  need  to  take  a  job  at  $35,000  or 


lower  and  continue  looking. 
However,  I  want  to  avoid  job¬ 
hopping  and  wonder  if  I  should 
be  patient  and  continue  seeking 
a  job  with  higher  pay  to  avoid 
starting  problems  regarding 
my  salary.  Are  job  contracts  an 
option? 

—  Lowered  Expectations 

Dear  Expectations: 

You  can’t  fight  the  market, 
says  Darrell  W.  Gurney,  a  Los 
Angeles-based  career  coach 


and  author  of  Headhunters  Re¬ 
vealed!  Career  Secrets  for 
Choosing  and  Using  Profes¬ 
sional  Recruiters  (Hunter  Arts 
Publishing,  2000)  That’s  espe¬ 
cially  true  because  we’re  now 
in  an  employer-driven  market 
that  will  last  a  while  longer. 

Unless  your  cash  is  running 
low,  come  up  with  a  timeline 
and  explore  as  many  options 
as  possible  before  accepting  a 
lower  salary.  If  you  must  take 
a  cut,  at  least  do  it  with  a  com¬ 
pany  that  provides  an  educa¬ 


tion  benefit  or  the  opportunity 
to  learn  new  skills.  That  way, 
once  the  market  turns,  you’ll 
have  a  reason  to  ask  for  a 
boost  in  your  salary  with  no 
explanation  needed. 

Dear  Career  Adviser: 

You  and  others  have  men¬ 
tioned  bioinformatics  as  an  up- 
and-coming  field.  As  a  C/C++, 
Unix  person,  I  am  concerned 
about  my  ability  to  move  into 
bioinformatics.  I  also  wonder 


whether  this  field  is  stable. 

—  California  Dreamin’ 

Dear  Dreamin’: 

Interest  in  bioinformatics  is 
growing  because  of  its  role  in 
high-profile  research  efforts 
like  gene  sequencing.  The 
field  involves  handling  and  an¬ 
alyzing  massive  amounts  of 
data.  Your  skills  in  Unix  and 
C/C++  are  highly  portable, 
particularly  if  you  learn  script¬ 
ing  languages 
such  as  Perl  or 
Python,  build  up 
your  structured 
and  relational 
database  skills 
and  expand  your 
operating  system 
knowledge  to  in¬ 
clude  Linux. 

But  given  the 
recent  demise  of 
Oakland,  Calif.- 
based  Double- 
Twist  Inc.  and  the 
state  of  biotech 


venture  funding,  you  might 
want  to  hedge  your  bets  and 
pursue  work  within  a  universi¬ 
ty,  a  government  agency  or  an 
established  pharmaceutical 
company. 

Investigate  the  University  of 
California  Extension  at  Santa 
Cruz,  which  offers  a  certifica¬ 
tion  program  in  bioinformat¬ 
ics,  says  Gary  Schultz,  princi¬ 
pal  analyst  at  Sunnyvale, 
Calif.-based  Multimedia  Re¬ 
search  Group  Inc.,  which  re¬ 
cently  published  a 
report  called  “U.S. 
Bio-Computing  IT 
Market:  Bio-Com¬ 
puting  and  Phar¬ 
maceutical  Com¬ 
panies.” 

You  might  want 
to  read  Cynthia 
Gibas’  article 
“Computers  + 
Biology  =  Bioinfor¬ 
matics”  at  www. 
oreil  ly.com/news/ 
bioinformatics_ 
0401.html. » 


fran  quittel  is  an  expert 
in  high-tech  careers  and 
recruitment.  Send 
questions  to  her  at 

www.computerworld.com/ 

careeradviser. 


WORKSTYLES 

On  Course  at 
Alaska  Airlines 


Steve  Jarvis,  the  vice  presi¬ 
dent  in  charge  of  e-commerce 
at  Alaska  Airlines,  describes 
the  IT  culture  that  has 
emerged  in  his  company  in 
response  to  the  fast-changing 
industry  it  competes  in. 

What  are  the  most  critical  sys¬ 
tems  supported  by  your  depart¬ 
ment?  “Our  Web  servers, 
connectivity  to  the  host 
reservation  system  and  our 
production  databases.  Our 
Web-based  transaction  sys¬ 
tems  bring  in  20%  of  our 
$400  million  revenue,  so 
they’re  pretty  critical.” 

What  are  travelers  able  to  do 
via  the  Web?  “We  have  a  full 
suite  of  travel  purchase 
n<  eds,  plus  day-of-flight  sta¬ 


tus,  including  [Federal  Avia¬ 
tion  Administration]  feeds, 
so  you  can  see  where  your 
particular  aircraft  is,  and  the 
world’s  first  Web  check-in.” 

How  have  the  events  of  Sept.  11 
affected  your  group?  “We  had 

to  look  at  our  priorities  and 
pursue  projects  offering  cost 
savings.” 

How  would  you  describe  the 
pace  of  the  work  in  general? 

“It’s  always  hectic,  not  rou¬ 
tine  at  all  —  there’s  always  a 
challenge.” 

Describe  situations  that  might 
come  up.  “Pricing  is  so  dy¬ 
namic  that  we  have  to  react 
to  what  our  competitors  are 
doing,  sometimes  with  no 


notice.  When  you  get  up 
with  a  to-do  list  for  the  day, 
it  can  get  blown  away  pretty 
fast.” 

How  would  you  describe  the  IT 
culture?  “It’s  a  very  dot-com- 
ish  kind  of  environment. 
There  are  11,000  in  the  entire 
company,  but  in  our  world, 
because  we’re  in  an  evolving 
world  where  IT  and  business 
have  to  work  so  closely  to¬ 
gether,  we  tried  to  create  a 
culture  where  we’re  a  small 
Web  company  within  this 
larger  company.” 


How  much  interaction  does  your 
IT  department  have  with  end 
users  or  other  departments? 

“We  have  a  floor  of  the 
building  where  marketing 
and  IT  live  together.  At  any 
given  time,  we  have  five  or 
six  projects  under  way,  and 
they’re  complicated  in  terms 
of  automating  processes  that 
have  always  been  handled  by 
humans,  so  the  business  per¬ 
son  needs  to  be  just  on  the 
other  side  of  the  soft  wall.  If 
we  weren’t  co-located,  it 
would  add  lots  of  days  to  the 
development  process.” 


How  are  career  advancement 
and  training  handled  at  your 
company?  “Most  of  our  de¬ 
velopment  team  has  been 
homegrown  from  the  airline 
in  some  way. 

“We’ve  hired  from  the  out¬ 
side,  but  our  core  architects 
have  come  from  within, 
probably  because  of  the 
uniqueness  of  airline  travel 
commerce.” 

What  aspect  of  work  do  you 
look  forward  to  each  day?  “I 

look  forward  to  working 
with  the  team.  We  take  our 
work  personally  here,  so  our 
team  is  great  to  work  with.” 

What  aspect  do  you  dread  each 
day?  “I  guess  the  dynamic 
nature  of  pricing  and  the 
need  to  run  off  at  a  mo¬ 
ment’s  notice  to  counter 
what  another  airline  does. 
That’s  a  distraction  from 
everything  we’re  doing  that’s 
innovative.  But  it’s  not  some¬ 
thing  we  can  say  no  to.” 

-MaryBrandel 

brandels@attbi.com 


Alaska  Airlines 

Who  they  are:  Alaska  Airlines 

Main  location:  Seattle 

Interviewee:  Steve  Jarvis,  vice 
president,  e-commerce 

Staff  size:  200  in  the  IT  division: 

20  in  the  e-commerce  group 
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2001  Cupel ia  University. 


THE 


ONLINE  BACHELOR  S 


DEGREE 


IN 


IT 


From  now  on,  that’s  Mr.  ( 


to  you 


. 


l  ake  control  of  your  IT  career  with  Capella  University’s  School  of  Technology.  Online  and  accredited,  Capella  helps  you  earn  the  degree  you  need  to  get  ahead.  In  addi¬ 
tion,  our  degree  programs  allow  you  to  receive  credit  for  prior  technical  experience  and  professional  certifications,  all  while  preparing  you  for  essential  certifications  down 


the  road.  Plus  our  one-of-a-kind  Virtual  Lab  Environment  '  offers  hands-on  experience  with  the  latest  technology.  Whether  you  choose  a  bachelor’s  or  master’s  program, 
our  fac ultv’s  real-world  experience  will  help  you  develop  the  technical  and  thinking  skills  vital  to  your  career  advancement.  Financial  aid  is  available.  For  the  full  story,  call 
1-888-CAPELI  A  (option  #8)  or  visit  www.capellauniversity.edu. 


: 


C apella  University  is  accredited  by  the  Higher  Learning  Commission  (NCA), 
the  same  bodv  that  accredits  Big  Ten  universities. 


Accelerating  Growth  in  a  Multi-Dimensional  World 


As  the  pace  of  innovation  increases,  you  need  to  deliver  products  and  solutions  in 
a  way  that’s  faster  and  more  responsive  to  the  market  —  and  there  is  no  margin 
for  error.  To  stay  on  top  of  the  market,  IT  storage  vendors  need  to  understand  the 
multi-dimensional  forces  that  are  impacting  storage  buying  decisions. 


Attend  this  year’s  IDC  Storage  Forum  and: 


Receive  new,  actionable 
research  data  on  the  many 
dimensions  of  IT  user 
buying  behaviors  including 
anticipated  end-user  buying 
preferences  through  the 
year  2006 

Learn  how  storage  vendors 
can  implement  channel 
programs  that  attract  the 
best,  the  brightest,  and  the 
most  successful  partners 

Join  a  panel  of  heavyweight 
storage  executives  as  they 
debate  the  storage  issues  IT 
vendors  and  professionals 
are  struggling  with  today 


>  Find  out  how  IT 
departments  can  reconcile 
the  need  to  ensure 
continuously  available  data 
with  the  drive  to  show  a 
solid  return  on  every 
technology  investment 

>  Attend  a  breakout  featuring 
the  latest  research  on  tape 
automation,  storage 
software,  storage  service 
providers  (SSPs),  HDDs, 
consumer  devices,  servers, 
optical  storage  and  more 


Featured  Keynote  Speakers: 


Nora  Denzel,  Vice  President  and 
General  Manager,  North  America 
Storage,  Hewlett-Packard  Company 

Robert  Gray,  Research  Director, 
Worldwide  Storage  Systems 
Research,  IDC 

Richard  Lary,  Partner,  TuteLary,  LLC 

John  McArthur,  Vice  President, 
Worldwide  Storage  Research,  IDC 


Charlotte  Rancourt,  Research  Director, 
Storage  Systems,  IDC 

Janet  Waxman,  Program  Director, 
Systems  and  Storage  Distribution 
Channels,  IDC 

Mike  Zisman,  General  Manager, 
Storage  Software  Unit,  IBM 


IDC 

Storage  Forum 

May  14-15,  2002 

The  Fairmont 
San  Jose,  California 

Register  Online 
www.idc.com/events/sf02/ 

Or  Call 

800-605-5849 
(978-597-01 33  outside  the  U.S.) 

Register  by  April  16th 
and  receive  a  $200  discount! 
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TECHNOLOGY 


THIS  WEEK 


RADIO  TRACKING 

Radio-frequency  tagging  adds  up¬ 
front  expenses  but  can  cut  costs  by 
automating  and  speeding  up  data 
acquisition  and  processing.  PAGE  46 


WEB  ACCESS 
TO  LEGACY  APPS 

A  major  U.S.  trucking  company 
works  to  keep  customers  happy  by 
making  its  enterprise  database 
management  system  accessible 
through  a  browser.  PAGE  48 


FUTURE  WATCH 

Texas-based  Cycorp  calls  itself  a 
leader  in  supplying  “formalized 
common  sense.”  Using  a  type  of 
symbolic  logic  called  “predicate 
calculus,”  the  company  is  trying  to 
codify  everything  a  person  knows 
and  store  it  in  a  database.  PAGE  49 


64-BIT  BOOST 

A  new  generation  of  applications 
running  on  .Net  Server  and  Intel’s 
Itanium  will  eventually  bring  64-bit 
computing  to  the  Windows  masses. 

PAGE  50 


QUICKSTUDY 

A  peer-to-peer  network  is  one  in 
which  two  or  more  PCs  share  files 
and  access  to  devices  such  as  print¬ 
ers  without  requiring  a  separate 
server  computer  or  server  soft¬ 
ware.  Learn  more  in  this  week’s 
primer.  PAGE  52 


NICHOLAS  PETRELEY 

The  Road  to  Cairo 

THE  YEAR  is  1992.  Jim  Allchin  reveals  Microsoft’s  plans  to 

deliver  a  version  of  Windows  NT,  code-named  Cairo,  in  1994. 
Cairo  is  slated  to  use  an  Object  File  Store  (OFS)  as  its  file  sys¬ 
tem.  OFS  is  an  object-oriented  database  designed  to  make  it 
easy  to  search  documents  and  other  structured  data  by  content. 
Fast  forward  to  2002.  The  continued  status  of  OFS  can  best  be  described 
by  the  famous  Monty  Python  cheese  shop  sketch  (see  www.montypython. 


net/scripts/cheese.php  for  the  complete  script).  In  the 
sketch,  the  customer  (John  Cleese)  asks  the  clerk 
(Michael  Palin)  for  every  conceivable  type  of  cheese, 
but  the  shop  is  out  of  stock  on  every  item.  This  leads 
to  the  now  classic  exchange,  which  exploits  Cleese’s 
exceptional  timing  and  delivery: 

Cleese:  “It’s  not  much  of  a  cheese  shop,  is  it?” 

Palin:  “Finest  in  the  district,  sir!” 

Cleese:  “Explain  the  logic  underlying  that  conclu¬ 
sion,  please.” 

Palin:  “Well,  it’s  so  clean,  sir!” 

Cleese:  “It’s  certainly  uncontaminated  by  cheese.” 

Similarly,  10  years  after  Allchin’s  initial  promise, 
Windows  remains  uncontaminated  by  many  of  the 
features  originally  slated  for  Windows  NT  and  Cairo, 
including  OFS. 

There  is  a  very  simple  explanation  for  the  delay  in 
the  case  of  OFS.  Microsoft  thought  it  might  need  OFS 
to  win  the  battle  against  OS/2,  which  already  had  an 
object-oriented  foundation  and  threatened  to  include 
a  database-oriented  file  system.  As  it  turned  out,  Mi¬ 
crosoft  was  able  to  beat  OS/2  by  withholding  Win¬ 
dows  95  licenses  for  IBM  PCs,  as  was  documented  in 
Judge  Thomas  Penfield  Jackson’s  findings  of  fact. 
With  OS/2  out  of  the  way,  Microsoft  could  put  OFS 
on  the  back  burner  in  order  to  address  other  pressing 
threats  to  its  desktop  monopoly. 

Now  OFS  is  back.  Allchin  stated  last 
month  that  OFS  is  scheduled  to  go  into  the 
next  major  release  of  Windows,  code- 
named  Longhorn.  (Given  the  lesson  of  the 
Monty  Python  sketch,  no  doubt  Microsoft 
is  referring  to  the  mild  cheddar  cheese 
called  Longhorn,  and  not  to  cattle.)  Call 
me  a  paranoid  cynic,  but  I’m  betting  Mi¬ 
crosoft  is  resurrecting  OFS  as  a  means  to 
make  data  more  accessible  to  users  while 
making  it  less  accessible  to  developers. 

This  would  stifle  competition  from  one  or 
more  products  or  technologies,  most  likely 


competing  productivity  applications. 

Having  said  that,  an  object  store  based  on  SQL 
Server  technology  is  a  good  idea,  though  not  neces¬ 
sarily  the  best  design  for  a  file  system.  I’ve  advocated 
this  approach  for  a  long  time,  and  I  don’t  intend  to 
stop  just  because  Microsoft  might  abuse  it.  But  if  you 
are  looking  for  a  much  better  idea,  check  out  the 
ReiserFS  file  system.  The  file  system  that  Hans  Reis¬ 
er  proposes  is  similar  to  OFS  in  one  respect:  Both  are 
vaporware.  But  Reiser’s  vaporware  is  better  than  any 
I’ve  seen  in  this  category. 

If  I  had  to  summarize  Reiser’s  objectives,  I  would  say 
that  one  is  to  eliminate  as  many  distinctions  as  possible 
among  various  types  of  files,  directories,  devices  or 
anything  else  that  can  be  represented  within  a  file  sys¬ 
tem.  The  upcoming  ReiserFS  4  proposes  to  do  this  by 
turning  everything  —  streams,  directories,  attributes 
(time  stamps,  security  settings  and  others)  —  into  files. 

Another  goal  is  to  be  able  to  search  the  file  system 
without  having  to  impose  relational  database  struc¬ 
ture  upon  it.  Reiser’s  examples  don’t  always  support 
his  case,  but  the  weakness  is  in  his  examples,  not  his 
principles.  For  example,  he  conjures  a  story  in  which 
you  can’t  search  for  Santa  Claus  because  the  arbitrary 
structure  of  the  database  makes  it  nearly  impossible 
to  define  the  relationship  among  Santa,  reindeer  and 
chimneys.  What  Reiser  neglects  to  men¬ 
tion  is  that  a  brute-force  search  engine 
covers  a  multitude  of  structural  sins.  Un¬ 
fortunately,  the  price  you’d  pay  in  perfor¬ 
mance,  complexity  and  disk  space  (or 
some  combination  of  these)  would  out¬ 
weigh  any  benefits  you’d  reap  by  imposing 
an  arbitrary  structure  on  the  file  system 
and  then  working  around  the  limitations 
with  brute  force. 

In  the  end,  Reiser’s  conclusions  are  per¬ 
fectly  valid.  I  hope  we  see  the  vapor  con¬ 
dense  into  reality  before  the  cheese  shop 
gets  its  next  shipment.  > 


NICHOLAS  PETRELEY  is  a 

computer  consultant  and 
author  in  Hayward,  Calif. 
He  can  be  reached  at 

nicholas@petreley.com 
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Cool  Stuff 

At  Associated  Food  Stores,  RF  tags  mounted  in  delivery  trucks  keep  tabs  on  where  the  vehicles  are  and  how  well  they're  cooling  their 
cargos.  The  system’s  expected  payback  over  previous  manual  systems  is  one  year  or  less. 


SSOCIATED  FOOD  STORES  INC.  says  its 
supply  chain  operations  are  running 
more  efficiently  and  securely,  thanks 
to  recently  installed  next-generation 
wireless  radio-frequency  tags. 

The  firm  is  one  of  a  handful  of 
companies  beginning  to  explore  the 
use  of  RF  tags.  Until  these  tags  came 
on  the  scene,  tagging  systems  —  even  wireless  ones 
—  typically  relied  on  warehouse  personnel  or  others 
using  handheld  scanners  to  read  bar-coded  tags.  RF 
technology  takes  the  process  a  step  further  with  so¬ 
phisticated  tags  that  can  be  attached  to  inventory  or 
trucks.  These  new  tags  can  communicate  location 
and  environmental  data  via  antennas  to  back-end 
systems  without  requiring  manual  intervention.  In 
addition,  the  technology  could  boost  security,  note 
analysts,  who  cite  the  disruptions  caused  by  the  re¬ 
cent  terrorist  attacks  on  the  U.S. 

Tagging  Up 

Last  August,  Salt  Lake  City-based  Associated  went 
live  with  a  system  using  tags  from  WhereNet  Corp. 
in  Santa  Clara,  Calif.,  and  supply  chain  applications 
from  OMI  International  Inc.  in  Schaumburg,  Ill.,  to 
automatically  get  extensive  data  captures  from  the 
trailers  in  its  yard  at  regular  intervals. 

Tim  Van  de  Merwe,  internal  logistics  manager  at 
Associated,  says  the  firm  can  locate  any  of  its  hun¬ 
dreds  of  trailers  to  within  a  foot,  tell  when  one  leaves 
its  distribution  center,  forward  alerts  to  retailers  in 
the  event  of  delays  and  even  tell  if  refrigeration  units 
in  the  trailers  are  maintaining  the  correct  tempera¬ 
tures.  By  getting  an  accurate,  near-real-time  picture 
of  its  trailers’  locations  and  conditions,  Associated 
has  reduced  the  number  of  its  leased  trailers  and  per¬ 
sonnel.  It  has  also  cut  down  the  amount  of  spoiled 
produce,  which  could  add  up  to  $100,000  per  year. 

The  $50  tags  are  0.5  in.  high  by  2.5  in.  long  by  1.5  in. 
wide  and  are  attached  to  trailers  by  adhesives  or  me¬ 


chanical  fasteners.  They  flash  signals  every  four  min¬ 
utes  to  19  antennas  connected  by  five  miles  of  cable. 
The  Windows-based  WhereNet  system  and  embed¬ 
ded  database  takes  these  feeds  and  determines  the  lo¬ 
cation  and  status  of  Associated’s  trailers  and  other 
mobile  assets.  This  information  is  then  passed  to 
OMI’s  management  application  for  an  up-to-date  map 
of  Associated’s  yard. 

One  major  challenge,  says  Van  de  Merwe,  is  mak¬ 
ing  sure  the  information  is  accurate,  which  requires 
constant  testing.  Prior  to  using  the  RF  tags,  it  could 
take  an  hour  to  capture  data  manually  on  the  trailers, 
and  “nine  times  out  of  10,  the  process  was  inaccu¬ 
rate,”  he  says.  “You  never  captured  live  information.” 

If  there  is  a  spike  in  temperature,  indicating  an 
opened  trailer  door,  the  system  automatically  alerts  a 
security  person.  The  system  is  expected  to  pay  for  it¬ 


self  within  a  year,  although  Van  de  Merwe  wouldn’t 
comment  on  the  specific  costs  involved. 

The  WhereNet  system  uses  its  own  proprietary 
signaling  standard,  which  it  has  submitted  for  indus¬ 
try  ratification.  WhereNet  appears  to  be  ahead  of  its 
competitors  in  this  field,  say  analysts,  but  other  com¬ 
panies  are  making  gains.  For  example,  Thorofare, 
N.J.-based  Checkpoint  Systems  Inc.  has  entered  into 
an  alliance  with  New  York-based  consumer  package 
maker  Westvaco  Corp.  to  provide  similar  offerings. 

Standards  Needed 

Pete  Abell,  an  analyst  at  AMR  Research  Inc.  in 
Boston,  says  there  are  competing  RF  standards  from 
different  vendors,  but  standards  bodies  such  as  Uni¬ 
form  Code  Council  Inc.  in  Lawrenceville,  N.J.,  and 
EAN  International  in  Brussels  are  working  to  create 
specifications  that  would  enable  the  technology  to 
work  in  supply  chains  globally.  “Major  retailers  and 
suppliers  are  putting  money  into  it  to  make  it  hap¬ 
pen,”  he  says.  In  terms  of  things  such  as  loss  pre¬ 
vention  or  tracking  expiration  dates,  Abell  adds,  RF 
tags  already  have  a  “compelling  value  proposition.” 

There  are  implementation  challenges.  At  Ford  Mo¬ 
tor  Co.,  the  biggest  issue  in  rolling  out  the  WhereNet 
system  was  standardizing  the  various  radio  frequen¬ 
cies  and  business  practices,  says  Scott  Hollister,  a 
project  manager  at  the  car  manufacturer. 

Ford  went  live  with  WhereNet  in  August  2000  at  a 
truck  facility,  and  in  December  2001,  it  rolled  out  a 
version  of  the  system  to  22  more  plants.  Currently, 
the  tags  sit  on  the  rear-view  mirrors  of  newly  assem¬ 
bled  trucks  and  report  on  their  locations  in  the  yard. 
They  also  report  the  status  of  the  vehicles  in  the 
quality  assurance  process  and  ensure  delivery  to  ap¬ 
propriate  dealers  as  soon  as  possible. 

According  to  Ford,  by  bolstering  the  timely  inspec¬ 
tion  and  movement  of  vehicles,  the  company  has 
saved  close  to  $1  million  in  holding  costs  and  gained 
improved  customer  satisfaction.  I 

Hi  Learn  how  another  transportation  company.  Freymiller 

Inc.  in  Oklahoma  City,  is  using  wireless  connectivity  to 
T  stay  in  touch  with  its  trucks  and  control  temperatures: 

A  >1 1  www.computerworld.com/q728536 


Radio  tagging  of  in-transit  materiel  speeds 
data  gathering  in  the  supply  chain,  cuts  costs 
and  adds  new  controls.  By  l/larc  L.  Songini 
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It's  the  automated  array  and  all  of  its  cost-saving  features. 
HP's  Virtual  Arrays  save  you  money  by  automating  the 
manual  processes  required  in  traditional  arrays.  Tuning  out 
hot  spots,  adding  storage  space  and  protecting  your  data — 
automatically.  Freeing  your  valuable  IT  resources  and 
taking  the  mystery  out  of  efficient  data  management. 

[  Hurry,  and  request  your  free  copy  of  the 

HP  Virtual  Array:  Double  Your  Operating  Efficiency  guide 
now,  visit  www.hp.com/info/virtualarray  ] 
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NFORMATION  TECHNOLOGY 
managers  at  Roadway  Express 
Inc.  knew  that  the  “green 
screen”  interfaces  in  main¬ 
frame  programs  and  the  HTML 
used  in  Web  site  design  don’t 
mix  very  easily. 

So  when  the  Akron,  Ohio-based 
trucking  company  decided  to  make  its 
enterprise  legacy  database  manage¬ 
ment  system  accessible  to  users  through 
a  browser-based  interface,  its  IT  man¬ 
agers  planned  their  strategy  carefully. 

“We  felt  that  our  system,  the  CCA 
Model  204  database,  was  perfectly  ca¬ 
pable  of  handling  the  demand  from  the 
world  at  large,”  says  Gary  Bailey,  man¬ 
ager  of  applications  development  at 
Roadway.  The  goal  was  to  de¬ 
velop  an  access  point  for 
users  trying  to  connect  from 
outside  the  corporate  hub. 

“The  key  was  how  to  max¬ 
imize  the  investment  we  had 
in  the  system  —  not  reinventing  the 
system,  but  reusing  it,”  Bailey  says. 

Everything  the  company  knows 
about  each  shipment,  including  pay¬ 
ment  status,  is  run  off  one  IBM  main¬ 
frame  application.  Computer  Corpora¬ 
tion  of  America’s  (CCA)  Model  204. 
Roadway  has  centralized  its  entire 
business  on  this  transaction-based 
enterprise  database  since  1988. 

Built  in  the  1960s,  the  Model  204 
industrial-strength  software  runs  on 
IBM’s  OS/390  operating  system  and 
compatible  mainframe  systems.  It  can 
perform  query  and  transaction  pro¬ 
cessing  on  MVS,  virtual  machine  and 
virtual  extended  storage  systems.  The 


software  is  also  designed  to  allow 
rapid  access  to  large-scale  databases 
and  to  support  parallel  processing  with 
a  multiprocessor  option.  Model  204  is 
used  by  customers  with  terabytes  of 
data  and  thousands  of  concurrent  on¬ 
line  users,  according  to  Framingham, 
Mass.-based  CCA. 

Model  204  stores  all  of  Roadway’s 
mission-critical  freight  operations 
data,  including  customer,  dispatch, 
freight  shipment,  billing,  shipment 
tracking,  invoicing  and  computerized 
rate  information,  according  to  the 
company.  The  system  tracks  more  than 
9  million  shipments,  houses  500,000 
customer  records  and  processes  more 
than  2  million  transactions  per  day. 

Roadway  handles  65,000 
shipments  every  day  using 
Model  204.  The  trick  for  the 
company  was  finding  a  way 
to  connect  the  database  to 
Unix  workstations  from  Sun 
Microsystems  Inc.  The  workstations 
run  Roadway’s  nondatabase  applica¬ 
tions,  including  its  Web  applications. 

Hoping  it  wouldn’t  take  long  to 
teach  experienced  coders  new  tricks, 
the  company  decided  to  train  its  main¬ 
frame  programmers  in  HTML. 

The  next  step  was  for  Roadway’s 
mainframe  programmers  and  its  Web 
design  group  to  build  a  system  that  al¬ 
lows  Internet  users  to  directly  access 
the  mainframe  application  to  schedule 
and  track  shipments. 

By  eliminating  middleware  on  the 
mainframe,  the  development  team  en¬ 
sured  that  Roadway’s  legacy  applica¬ 
tions  would  continue  to  process  up  to 


1,800  transactions  per  second. 

Installing  Janus  Web  Server  from  Sir¬ 
ius  Software  Inc.  in  Cambridge,  Mass., 
on  top  of  Model  204  “allowed  us  to 
reuse  our  existing  transportation  man¬ 
agement  systems  and  administrative 
systems,  such  as  invoicing  and  report¬ 
ing,  without  having  to  rewrite  our  suite 
of  applications,”  says  Dave  Pavlich,  di¬ 
rector  of  e-commerce  technologies  and 
applications  development  at  Roadway. 
“Janus  Web  allows  us  to  extend  our 
existing  applications  written  in  M204 
user  language  to  browser-based  pre¬ 
sentation  layers.” 

Seamless  Links 

Pavlich  described  the  way  the  sys¬ 
tem  works:  The  proxy  server  simply 
delivers  HTTP  requests  to  the  Janus 
Web  server  and  then  returns  HTTP 
output  to  users’  browsers,  without  in¬ 
curring  the  cost  of  writing  or  buying 
middleware  that  would  sit  between  the 
proxy  and  the  mainframe.  The  system 
saved  Roadway  the  expense  of  writing 
applications  that  run  on  its  front-end 
Web  servers  or  proxy  servers,  he  says. 

“Our  approach  saved  us  time  and 
money  in  the  initial  development  of 
My.Roadway.com.”  Pavlich  says.  “We 
did  not  have  to  replicate  our  databases, 
and  we  were  able  to  use  existing  IT 
staff  to  build  Web-based  applications.” 

The  link  between  the  mainframe  and 
Unix  platforms  is  so  seamless  that  users 
have  no  idea  they’re  plugged  into  a 


technology  Roadway  has  used  for 
more  than  14  years,  according  to  the 
company.  Moreover,  the  cost  to  Road¬ 
way  of  creating  Web  access  was  low  — 
less  than  $1  million. 

Roadway’s  customers  seem  to  be  sat¬ 
isfied  with  the  results. 

“This  is  a  value-added  [service]  for 
us,”  says  Paul  Blissenbach,  transporta¬ 
tion  manager  at  Coldwater  Creek  Inc., 
a  Sandpoint,  Idaho-based  multichannel 
retailer  of  women’s  apparel,  gifts,  jew¬ 
elry,  home  goods  and  accessories.  “It 
gives  us  the  ability  to  generate  reports 
on  our  inbound  and  outbound  ship¬ 
ments.  Our  transportation  department 
needs  to  ensure  that  our  merchandise 
is  coming  in  on  time  and  whether  our 
vendor  companies  are  complying  with 
our  routing  instructions.” 

T.J.  Johnson,  manager  of  transporta¬ 
tion  at  Freeman  Transportation  in  Dal¬ 
las,  says,  “No  [carrier’s]  Web  site  is  as  so¬ 
phisticated  as  Roadway’s.  That’s  one  of 
the  reasons  we’ve  retained  Roadway.” 

Donald  Broughton,  an  analyst  at  A.G. 
Edwards  &  Sons  Inc.  in  St.  Louis,  agrees 
that  Roadway  is  offering  its  customers 
more  value  for  their  money.  But,  he 
says,  other  carriers  such  as  Yellow 
Corp.  in  Overland  Park,  Kan.,  and  ABF 
Freight  System  Inc.  in  Fort  Smith,  Ark., 
offer  similar  services.  And  more  com¬ 
panies  should  follow  suit  if  they  want 
to  stay  competitive,  he  adds. 

“Everyone  not  doing  it  will  be  left 
behind,”  Broughton  says.  ► 


ROADWAY  DRIVES 
ACYAPPS 
KID  THE  WEB 

Truck  ng  company  provides  browser- 
based  access  to  mainframe  data  and 
applications.  By  Linda  Rosencrance 


Roadway 
Express  Inc. 

Akron,  Ohio 
www.roadway.com 
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Computerizing 
Common  Sense 


Austin,  Texas-based  Cycorp  Inc.  claims 
to  be  “the  leading  supplier  of  formalized 
common  sense.”  CEO  and  founder  Doug 
Lenat  has  labored  17  years  to  codify  facts 
such  as  “Once  people  die,  they  stop  buy¬ 
ing  things.”  He  uses  a  form  of  symbolic 
logic  called  “predicate  calculus”  to  clas¬ 
sify  and  show  the  properties  of  informa¬ 
tion  in  a  standard  way. 

The  Cyc  knowledge  base  adds  power 
to  applications  by  adding  common- 
sense  information  on  top  of  the  domain- 
specific  knowledge  that  occurs  in  every 
application,  Lenat  tells  Computer- 
world’s  Gary  H.  Anthes. 

“We  see  it  as  the  next  great  thing,” 
says  Morrie  Sigel,  a  partner  at  Atlantic 
Capital  Partners  LLC  in  Darien,  Conn. 
“The  knowledge  base  provides  such  a 
broad  platform  for  a  multiplicity  of 
products  that  it’s  mind-boggling.” 

What  have  you  accomplished  so  far? 

We’ve  put  in  600  person-years  of 
effort,  and  we’ve  assembled  a  knowl¬ 
edge  base  containing  3  million  rules 


of  thumb  that  the  average  person 
knows  about  the  world,  plus  about 
300,000  terms  or  concepts. 

Can  you  give  an  example?  Terms  like  “first 
date”  and  rules  of  thumb  like  “Peo¬ 
ple  are  more  polite  on  their  first  date 
than  they  are  on  their  nth  date.”  A 

WHO  IS  HE? 

Doug  Lenat  is  an 

artificial  intelligence 
pioneer  who  is 
leading  the  human 
“memome”  project, 
an  effort  to  codify  all 
the  common  sense  in 
a  person’s  head. 


lot  of  these  things  were  true  50,000 
years  ago,  like  “If  you  are  carrying  a 
container  that’s  open  on  one  side, 
you  should  carry  it  with  the  open 
end  up.”  The  idea  is  to  represent 
these  in  formal  logic  as  opposed  to 
English  sentences.  You  want  the 
machine  to  be  able  to  crank  through 
the  logical  deductions  —  the  conse¬ 
quences  of  these  assertions  —  the 
same  way  you  or  I  would. 

What  will  the  knowledge  base  be  used  for? 

I  see  this  more  as  a  power  source 
rather  than  a  single  application. 
[For  any  given  application],  you 
need  common-sense  knowledge  and 
domain  knowledge.  We  are  building 
in  the  common-sense  knowledge. 

Are  there  any  applications  so  far?  Yes,  it’s 
called  CycSecure,  and  we  are  beta¬ 
testing  it.  Cyc  knows  what  are  nor¬ 
mal,  legitimate  actions  and  what  are 
actions  taken  by  hackers,  [and  it 
knows  about  operating  system  vul¬ 
nerabilities].  It  uses  its  [artificial 
intelligence]  planning  ability  and 
knowledge  of  the  world  to  come  up 
with  network  attack  plans.  You  tell  it 
about  your  network,  and  instead  of 
running  canned  exploits  against  it 
and  doing  the  old-fashioned  intru¬ 
sion  detection,  you  do  hypothetical 
reasoning.  You  experiment  on  the 
model  instead  of  the  actual  network. 

What  is  OpenCyc?  It’s  a  daring  gamble  to 
gradually  make  everything  in  the 
Cyc  knowledge  base  public.  An  ini¬ 
tial  release  last  week  made  available 
about  5,000  concepts  and  50,000 
axioms  or  assertions  about  them. 

We  will  gradually,  over  the  next  two 
years,  migrate  everything  to  the  pub¬ 
lic  mode.  But  OpenCyc  will  always 
lag  by  24  to  30  months. 

Are  you  continuing  to  add  to  Cyc?  Yes. 

Cyc  finally  knows  enough  that  it 
can  actually  help  with  the  knowl¬ 
edge-entry  process.  It’s  changed  in 
the  past  year  from  where  we  were 
entering  these  things  by  hand  and 


Knowledge  Sample 

The  Cyc  knowledge  base  uses  predicate 
calculus  to  encode  assertions  such  as 
“Animals  sleep  at  home." 


(ForAII  ?x  (ForAII  ?S  (ForAII  7PLACE 
(implies  (and 
(isa  ?x  Animal) 

(isa  ?S  SleepingEvent) 
(performer  ?S?x) 

(location  ?S  7PLACE)) 
(home?x?PLACE))))) 


This  says  that  if  x  is  an  animal  and  is  the 
performer  of  a  sleeping  event,  then  the 
place  where  that  event  takes  place  is  the 
home  of  x. 

writing  them  in  logic  to  a  kind  of  tu¬ 
toring  mode.  For  example,  you  say, 

“I  want  to  tell  you  about  a  new  kind 
of  bacteria,”  and  it  might  say,  “What 
kinds  of  things  does  it  kill?  Is  it  sim¬ 
ilar  to  anything  I  know  about  al¬ 
ready?”  Up  until  now,  the  only  peo¬ 
ple  adding  knowledge  were  a  small 
priesthood  of  logicians.  Now,  sud¬ 
denly,  millions  of  people  can  add 
their  knowledge  to  Cyc.  Because  of 
the  acceleration,  we’ll  be  at  10  mil¬ 
lion  assertions  a  year  from  now. 

Won’t  input  from  the  public  bring  in  a  lot  of 
garbage?  I’ll  have  an  OpenCyc  com¬ 
mittee  to  help  vet  knowledge  that  is 
suggested.  Also,  we’ve  developed  the 
notion  of  local  consistency,  which  is 
analogous  to  our  everyday  notion  of 
the  earth  as  being  locally  flat  and 
globally  spherical.  In  the  same  way, 
we  have  divided  the  knowledge  base 
into  regions  that  are  locally  consis¬ 
tent,  and  all  the  inconsistent  infor¬ 
mation  is  so  far  away  that  you  can 
ignore  it.  If  someone  puts  in  “Dining 
room  tables  are  made  of  Jello,”  that 
will  contradict  so  many  things  in  the 
“normal”  part  of  the  knowledge  base 
that  it  automatically  will  get  pushed 
out  into  the  boonies. 

Is  Cyc  like  the  human  genome  project,  where 
eventually  you  will  be  done,  or  will  it  grow 
forever?  I  refer  to  it  as  the  human 
“memome”  project.  A  typical  person 
knows  about  100  million  things 
about  the  world.  I  see  us  crossing 
that  point  in  five  years.  It’s  difficult 
to  predict  the  course  thereafter.  I 

f  Y  ,  1 .  ,1 ,  To  learn  how  an  early  user  of  the 

W  LUVJa  Cyc  knowledge  base  is  applying  it 
in  a  national  security  application, 

I  J1  1I\  %  *  visit  our  Web  site: 

www.computerworld.com/q728697 
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Windows  Gets 
A  64-Bit  Boost 


OUTLOOK:  Microsoft’s  64-bit  version  of 
.Net  Server  will  give  some  applications  a 
much-needed  performance  boost.  Here’s 
how  the  technology  will  eventually  fit  into 
enterprise  computing.  By  Drew  Robb 


Microsoft  corp.  suc¬ 
cessfully  made  the 
leap  from  desktop 
dominance  to  grab¬ 
bing  a  hefty  share  of  the  serv¬ 
er  operating  system  market. 
Now  the  vendor  is  setting  its 
sights  on  high-performance 
workstations  and  servers. 

Intel  Corp.  got  the  ball 
rolling  last  June,  when  it  start¬ 
ed  shipping  the  64-bit  Itanium 
processor,  based  on  its  IA-64 
architecture.  Then  in  August, 
Microsoft  introduced  an  eval¬ 
uation  version  of  its  first  64- 
bit  server  operating  system, 
Windows  2000  Advanced 
Server  Limited  Edition,  and 
announced  a  64-bit  version  of 
Windows  XP  for  the  desktop. 

Server  vendors  have  already 
begun  shipping  Wintel  sys¬ 
tems.  But  the  migration  of  ap¬ 
plications  is  likely  to  be  a  slow 
process,  say  users  and  analysts. 

The  benefit  for  compute¬ 
intensive  Windows  applica¬ 
tions  is  significant.  Itanium 
systems  offer  floating-point 
performance  improvements 
that  speed  up  applications 
such  as  3-D  modeling  and  hu¬ 


man  genome  analysis.  Since 
the  Itanium  can  access  up  to 
16TB  of  RAM,  entire  databases 
can  move  from  disk  to  memo¬ 
ry,  allowing  access  speeds  that 
are  100  times  faster  than  disk- 
bound  databases. 

The  Migration  Curve 

Programmers  can  use  Mi¬ 
crosoft’s  Visual  Studio  .Net 
development  software  to  cre¬ 
ate  64-bit  applications,  says 
Velle  Kolde,  a  lead  product 
manager  at  Microsoft.  “IA-64 
uses  the  same  Windows  pro¬ 
gramming  model”  and  user  in¬ 
terface,  he  says,  “so  32-bit  de¬ 
velopers  and  ISVs  [indepen¬ 
dent  software  vendors]  don’t 
have  to  learn  a  new  one.” 

This  summer,  Microsoft 
plans  to  introduce  64-bit  ver¬ 
sions  of  Windows  .Net  Data¬ 
center  Server  and  Windows 
.Net  Enterprise  Server.  At  the 
same  time  Intel  will  release  its 
new  2-GHz  Itanium  processor, 
code-named  McKinley,  which 
will  have  a  higher  clock  speed 
and  enhanced  compiler  capa¬ 
bilities.  Two  more  64-bit  Intel 
processors,  code-named  Madi- 


■  AT  A  GLANCE 

Wintel  64-Bit 
Computing 

WHAT  IS  IT? 

New  Windows  XP  and  .Net 
Server  versions  running  on 
Intel  IA-64-based  systems 
that  support  high-perfor¬ 
mance,  64-bit  applica¬ 
tions. 

WHAT  IT’S  GOOD  FOR: 

CPU-intensive  32-bit  Win¬ 
dows  applications  could 
benefit  from  wider  proc¬ 
essing  bandwidth,  faster 
speeds  and  support  for  up 
to  64GB  of  memory. 

WHO  WILL  BENEFIT: 

Enterprises  using  com¬ 
pute-intensive  applica¬ 
tions,  including  engineer¬ 
ing,  data  mining  and  multi- 
media  applications. 

WHAT’S  THE  CATCH: 

Applications  must  be  re¬ 
compiled  and  tuned  for 
optimum  performance. 
64-bit  versions  of  com¬ 
mercial  applications  are 
not  yet  available. 

WHO  SHOULD  PASS: 

Organizations  running 
Windows  applications  that 
aren’t  constrained  by 
processing  power  and 
available  memory. 


■  Q&A 

Developers  Ponder  the  64-Bit  Question 


Daniel  Mezick  is  president  of 
New  Technology  Solutions  Inc.,  a 
provider  of  programmer  training 
services  in  North  Haven,  Conn. 

Are  programmers  interested  in 
b4-bit  Windows?  We  are  not  see¬ 
ing  any  groundswell  of  developer 
it  res’  in  64-bit  Windows. 


What  are  the  application  migra¬ 
tion  issues?  The  main  thing  fac¬ 
ing  programmers  is  the  [applica¬ 
tion  programming  interface] 
changes. 

What  advice  would  you  give  pro¬ 
grammers  considering  a  migra¬ 
tion?  Before  long,  Microsoft  will  be 


beating  the  drum  about  how  you 
must  write  to  .Net  if  you  want  a  mi¬ 
gration  path  to  64-bit  processors. 

My  advice  is  to  time  that  migra¬ 
tion  carefully.  Moving  to  .Net  re¬ 
quires  plenty  of  developer  training, 
and  migrations  are  essentially  a 
rewrite.  So  application  owners 
need  to  think  strategically. 


son  and  Deerfield,  are  sched¬ 
uled  for  mid-2003  release. 

Missing  from  the  equation 
are  the  64-bit  applications, 
and  software  vendors  aren’t 
likely  to  announce  ship  dates 
until  the  release  date  of  Mi¬ 
crosoft’s  first  64-bit  operating 
system  is  final. 

Real-World  Implications 

Early  IA-64  releases  have 
been  geared  toward  develop¬ 
ers  and  early  adopters.  Savvas 
Papaiacovou,  manager  of  the 
MIS  Group  at  Wells  Fargo  & 
Co.  in  San  Francisco,  is  run¬ 
ning  a  pilot  to  optimize  a  64- 
bit  version  of  an  SAS  database 
used  for  market  and  customer 
behavior  analysis. 

“Some  of  the  tables  we  use 
for  quantitative  modeling  have 
600  million  observations,”  he 
says.  “As  we  optimize  the  SAS 
code,  we  are  seeing  increas¬ 
ingly  better  performance.” 

While  it  makes  sense  to  mi¬ 
grate  some  compute-intensive 
Windows  applications  to  the 
new  platform,  Wintel  systems 
are  unlikely  to  challenge  the 
high-end  Unix  systems  that 
run  64-bit  data  center  applica¬ 
tions  until  stability  and  matu¬ 
rity  are  proven.  Even  then, 
programmers  may  find  it  easi¬ 
er  and  more  cost-effective  to 
recompile  64-bit  Unix  applica¬ 
tions  to  run  on  Itanium  sys¬ 
tems  that  run  Linux  instead  of 
.Net  Server. 

But  most  enterprise  soft¬ 
ware  vendors  are  already 
working  on  64-bit  versions  of 
their  software. 

“Although  Unix  vendors 
have  more  experience  here, 
the  sheer  weight  of  ISV  and 
independent  hardware  vendor 
support  for  Windows  should 
mean  that  it  gains  acceptance 
quickly,”  says  Mary  Hubley,  an 
analyst  at  Stamford,  Conn.- 
based  Gartner  Inc.  But,  she 
adds,  “32 -bit  applications  are 
likely  to  predominate  for  some 
time.”  > 


Robb  is  a  freelance  writer  in 
Tujunga,  Calif.  Contact  him  at 
drewrobb@attbi.com. 


Intel's  Steven  Speer 
discusses  64-bit  Win¬ 
dows  application  de¬ 
velopment  and  more: 

www.computerworld.com/q?28396 
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■  THE  MARKET 

Activity  on 
The  Horizon 

The  Wintel  64-bit  product 
landscape  is  barren  today,  but 
that’s  likely  to  change  during 
the  next  12  months. 

SERVERS 

Vendors  such  as  Dell  Comput¬ 
er  Corp.,  IBM  and  Compaq 
Computer  Corp.  already  offer 
Itanium-based  systems  for  use 
with  Windows  2000  Advanced 
Server  Limited  Edition. 

DEVELOPMENT  TOOLS 

Both  Intel  and  Microsoft  offer 
64-bit  compilers  and  develop¬ 
ment  tools.  Third-party  vendors 
such  as  Rational  Software 
Corp.  also  offer  tools  to  help 
with  the  transition. 

ENTERPRISE  APPLICATIONS 

Vendors  that  have  announced 
64-bit  application  support  in¬ 
clude  Computer  Associates  In¬ 
ternational  Inc.,  BMC  Software 
Inc.,  SAP  AG,  J.D.  Edwards  & 
Co.,  IBM,  SAS  Institute  Inc. 
and  Veritas  Software  Corp. 

PHASE-IN  PERIOD 

The  transition  to  64-bit  com¬ 
puting  will  take  time.  Intel  will 
continue  to  develop  32-bit 
processors  for  several  years  as 
its  64-bit  processors  gradually 
gain  acceptance.  And  32-bit 
systems  are  likely  to  continue 
to  exist  long  after  64-bit  com¬ 
puting  gains  momentum  be¬ 
cause  legacy  32-bit  Windows 
applications  will  run  more 
slowly  on  64-bit  systems. 

Eventually,  analysts  say,  32- 
bit  Windows  will  go  the  way  of 
DOS.  Boston-based  Aberdeen 
Group  Inc.'s  Tom  Manter  pre¬ 
dicts  it  will  be  nine  to  16  months 
before  64-bit  Windows  gains 
mainstream  support.  “The  mar¬ 
ketplace  has  to  feel  comfort¬ 
able  that  it  is  a  hardened  plat¬ 
form  that  is  fully  tested  and  is 
ready  for  their  mission-critical 
applications,”  he  says. 

But  Tim  Golden,  director  of 
marketing  at  Compaq’s  Enter¬ 
prise  Server  Group,  predicts 
the  transition  to  64-bit  comput¬ 
ing  will  take  three  to  five  years. 
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CODERNAUTS  DISCOVER  WEBSPHERE.  THE  WORLD’S  MOST  POPULAR  INTEGRATION  SOFTWARE. 


WEBSPHERE  for  INFRASTRUCTURE 

|  CONNECTS  MORE  APPLICATIONS,  DEVICES,  PROCESSES  AND  PEOPLE  THAN  ANY  OTHER  SOFTWARE  | 
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Peer-to-Peer  Network 


DEFINITION 

A  peer-to-peer  network  is  one  in  which  two  or  more 
PCs  share  files  and  access  to  devices  such  as 
printers  without  requiring  a  separate  server  com¬ 
puter  or  server  software. 


Navigating  a  P2P  Network 

This  diagram  shows  how  a  P2P  network  operates.  The  solid  lines  indicate 
physical,  hard-wired  network  cables.  The  dotted  lines  indicate  that  each 
PC  can  communicate  and  share  files  with  every  other  PC  on  such  a 
network.  A  printer  attached  to  one  PC  can  be  used  by  other  PCs  on  the 
network  -  if  that  printer’s  PC  allows  such  use. 


BY  JAMES  COPE 

N  ITS  SIMPLEST  FORM, 

a  peer-to-peer  (P2P) 
network  is  created 
when  two  or  more  PCs 
are  connected  and  share 
resources  without  going 
through  a  separate  server 
computer.  A  P2P  network  can 
be  an  ad  hoc  connection  —  a 
couple  of  computers  connect¬ 
ed  via  a  Universal  Serial  Bus 
to  transfer  Files.  A  P2P  net¬ 
work  also  can  be  a  permanent 
infrastructure  that  links  a  half- 
dozen  computers  in  a  small  of¬ 
fice  over  copper  wires.  Or  a 
P2P  network  can  be  a  network 
on  a  much  grander  scale  in 
which  special  protocols  and 
applications  set  up  direct  rela¬ 
tionships  among  users  over 
the  Internet. 

The  initial  use  of  P2P  net¬ 
works  in  business  followed  the 
deployment  in  the  early  1980s 
of  free-standing  PCs.  In  con¬ 
trast  to  the  minimainframes  of 
the  day,  such  as  the  VS  system 
from  Wang  Laboratories  Inc., 
which  served  up  word  pro¬ 
cessing  and  other  applications 
to  dumb  terminals  from  a  cen¬ 
tral  computer  and  stored  files 
on  a  central  hard  drive,  the 
then-new  PCs  had  self-con¬ 
tained  hard  drives  and  built-in 
CPUs.  The  smart  boxes  also 
had  onboard  applications, 
which  meant  they  could  be  de¬ 
ployed  to  desktops  and  be  use¬ 
ful  without  an  umbilical  cord 
linking  them  to  a  mainframe. 

Many  workers  felt  liberated 
by  having  dedicated  PCs  on 
their  desktops.  But  soon  they 


needed  a  way  to  share  files 
and  printers.  The  obvious  so¬ 
lution  was  to  save  files  to  a 
floppy  disk  and  carry  the  disk 
to  the  intended  recipient  or 
send  it  by  interoffice  mail. 

Sneaker  Nets 

That  practice  resulted  in  the 
term  “sneaker  net.”  The  most 
frequent  endpoint  of  a  typical 
sneaker  net  was  the  worker 
who  had  a  printer  connected 
to  his  machine. 


While  sneaker  nets  seemed 
an  odd  mix  of  the  newest  tech¬ 
nology  and  the  oldest  form  of 
transportation,  the  model  is 
really  the  basis  for  today’s 
small  P2P  workgroups. 

Whereas  earlier  centralized 
computing  models  and  today’s 
client/server  systems  are  gen¬ 
erally  considered  controlled 
environments  in  which  indi¬ 
viduals  use  their  PCs  in  ways 
determined  by  a  higher  au¬ 
thority,  a  classic  P2P  work¬ 


group  network  is  all  about 
openly  sharing  files  and  de¬ 
vices. 

In  general,  office  and  home 
P2P  networks  operate  over 
Ethernet  (10M  bit/sec.)  or  Fast 
Ethernet  (100M  bit/sec.)  and 
employ  a  hub-and-spoke 
topology.  Category  5  (twisted¬ 
pair)  copper  wire  runs  among 
the  PCs  and  an  Ethernet  hub 
or  switch,  enabling  users  of 
those  networked  PCs  access  to 
one  another’s  hard  drives, 
printers  or  perhaps  a  shared 
Internet  connection. 

Both  Client  and  Server 

In  effect,  every  connected  PC 
is  at  once  a  server  and  a  client. 
There’s  no  special  network  op¬ 
erating  system  residing  on  a 
robust  machine  that  supports 
special  server-side  applications 
like  directory  services  (spe¬ 
cialized  databases  that  control 
who  has  access  to  what). 

In  a  P2P  environment,  access 
rights  are  governed  by  setting 
sharing  permissions  on  indi¬ 
vidual  machines. 

For  example,  if  User  A’s  PC 
is  connected  to  a  printer  that 
User  B  wants  to  access,  User  A 
must  set  his  machine  to  allow 
(share)  access  to  the  printer. 
Similarly,  if  User  B  wants  to 
have  access  to  a  folder  or  file, 
or  even  a  complete  hard  drive, 
on  User  A’s  PC,  User  A  must 
enable  file  sharing  on  his  PC. 
Access  to  folders  and  printers 
on  an  office  P2P  network  can 
be  further  controlled  by  as¬ 
signing  passwords  to  those  re¬ 
sources.  I 


Cope  is  an  Indiana-based  free¬ 
lance  writer.  He  can  be  contacted 
at  jamescope@sbinet.com. 


(  Ti  1 1  r»l/  For  a  story  on  com- 
mercial  P2P  soft- 
T  iril  ware,  log  on  to  our 

LUIKV  Website 

www.computerworld.com/q728287 

For  a  complete  list  of  Technology  Quick- 
Studies,  visit  our  Web  site: 

www.computerworld.com/q?q3000 


P2P  Over 
The  Internet 

Although  the  Internet  is  very 
much  a  client/server  network, 
there  are  file-sharing  tech¬ 
nologies  that  enable  users  to 
create  a  P2P  environment 
over  the  public  Internet. 

The  one  that  got  the  most 
attention  was  that  of  San  Ma¬ 
teo,  Calif.-based  Napster  Inc., 
which  got  the  kibosh  from  the 
federal  government  last  fall 
for  allowing  users  to  search 
one  another's  hard  drives  for 
copyrighted  files.  But  Napster 
wasn’t  truly  P2P.  Users  of  the 
service  had  to  log  on  to  a 
server  to  search  for  a  title;  the 
server  then  pointed  to  the  PC 
of  another  user  somewhere 
on  the  Internet  containing  the 
desired  file.  Once  the  file  was 
found,  though,  the  download 
took  place  peer-to-peer,  from 
one  PC  to  another. 

Another  P2P  file-sharing 
system  that  uses  the  Internet 
is  Gnutella,  a  protocol  origi¬ 
nally  developed  by  San  Fran¬ 
cisco-based  Nullsoft  Inc.  but 
subsequently  jettisoned  into 
the  public  domain  when  Null- 
soft  was  purchased  by  Dulles, 
Va.-based  America  Online  Inc. 
in  1999. 

Gnutella-compatible  end- 
user  applications  create 
what’s  called  a  Gnutella  ser- 
vent  when  installed  on  an  end 
user’s  PC.  When  logged  on  to 
the  Internet,  servents  an¬ 
nounce  themselves  to  other 
servents  and  also  propagate 
search  requests  for  files 
housed  on  user  hard  drives. 
The  query  results  are  present¬ 
ed  to  the  user  via  the  servent 
application,  the  user  selects 
the  file  he  wants  and  then 
downloads  it  over  the  Internet 
directly  from  the  PC  housing 
the  file. 

-  James  Cope 


■  A iv  there  technologies  or  issues  you  would  like  to  learn  about  in  QuickStudy?  Please  send  your  ideas  to  quickstudy@computerworld.com. 
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THE  CODERNAUTS  DISCOVER  SOFTWARE  THAT  DISTILLS  DATA  AND  CREATES  KNOWLEDGE 


DB2  for  INSIG 

|  MAXIMIZE  UNUSED  DATA  WITH  DB2  BUSINESS  INTELLIGENCE  f 


( P )  business  software 


ibm.com/db2/insight 


IT’S  A  DIFFERENT  KIND  or  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  or  SOFTWARE. 
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Suspected  Code  Theft 

Creates  a  Forensic  Furor 


When  Mathias’  company  thinks  someone  is  stealing 
intellectual  property ,  it’s  up  to  him  to  find  out  who 


BY  MATHIAS  THURMAN 

RECENTLY  RECEIVED  A  CALL  from 
one  of  my  company’s  intellectu¬ 
al-property  lawyers,  who  sus¬ 
pected  that  someone  had  stolen 
the  source  code  to  one  of  our 
products.  A  license  for  the  product 
costs  more  than  $10,000,  so  the  possi¬ 
bility  that  it  might  have  been  taken  was 
cause  for  great  alarm. 

Here’s  what  happened:  Our  company 
entered  into  a  joint  devel¬ 
opment  agreement  with 
another  firm  and  provided 
a  Solaris  workstation  con¬ 
taining  the  source  code  for 
the  software  in  question 
for  purposes  of  interoper¬ 
ability  testing  with  our 
partner’s  products. 

During  the  course  of  the 
integration  work,  one  of 
the  other  firm’s  employees 
was  laid  off.  Prior  to  his 
departure,  the  employee, 
now  disgruntled,  claimed 
that  an  unnamed  colleague 
had  copied  our  company’s 
source  code  for  his  own 
use.  The  colleague  al¬ 
legedly  had  bragged  about 
using  parts  of  our  code  to  create  a  new 
product.  Upon  hearing  this,  our  attor¬ 
ney  immediately  ordered  the  server 
brought  down  and  the  system’s  internal 
hard  drive  returned.  My  task  was  to  de¬ 
termine,  if  possible,  whether  the  source 
code  had  been  copied  —  and  by  whom. 

Faced  with  a  forensic  analysis  of  the 
hard  drive,  I  had  three  options.  I  could 
do  the  work  in-house,  outsource  all  of 
the  work  or  outsource  part  of  it.  To 
avoid  bias  or  conflict  of  interest,  I  de¬ 
cided  to  outsource  the  entire  project. 

Finding  an  Expert 

My  first  job  was  to  find  a  reputable, 
capable  and  efficient  forensic  analyst 
tr  do  the  work  quickly.  I  called  a  few 
people  I  used  to  work  with  who  had  ex¬ 
pertise  in  this  area.  The  first  person 
said  he  could  create  a  mirror  image  of 


the  drive,  but  he  wasn’t  skilled  enough 
with  the  Solaris  operating  system  to 
provide  an  analysis  that  would  prove 
—  or  disprove  —  the  transfer  of  our 
company’s  source  code.  The  other  fel¬ 
low  had  the  Solaris  skills  we  needed 
but  had  his  hands  full  indefinitely  with 
work  related  to  the  Enron  Corp.  case. 
However,  he  gave  me  a  reference,  and  I 
also  obtained  references  from  other  in¬ 
formation  security  professionals  and 
found  the  names  of  rep¬ 
utable  firms  through  an  In¬ 
ternet  search. 

In  reviewing  the  vendors, 
I  considered  their  level  of 
expertise  (Did  they  have 
Solaris  forensic  skills?), 
business  viability  (Would 
they  be  around  when  this 
case  goes  to  trial?)  and  rep¬ 
utation  (If  they  had  to  testi¬ 
fy,  would  they  be  consid¬ 
ered  credible  witnesses?). 

The  vendors  charged 
hourly  rates  ranging  from 
$150  to  $400.  All  charged 
for  “nonattended”  work  — 
the  time  required  for  their 
system  to  create  a  drive  im¬ 
age  —  but  some  charged 
that  time  at  a  lower  rate.  Time  esti¬ 
mates  for  the  project  ranged  from  two 
days  to  a  week.  In  the  end,  I  chose  the 
winning  vendor  based  on  its  strong 
references. 

It  took  several  days  to  negotiate  a 
statement  of  work  with  estimates  of  the 
project’s  cost,  time  and  scope.  Part  of 
those  discussions  included  clearly  de¬ 
lineating  what  the  forensic  analyst 
should  look  for.  Ideally,  I  wanted  them 
to  answer  the  “who,  what,  where,  when, 
why  and  how”  questions  related  to  the 
incident.  Of  those,  “why”  usually  is  the 
most  difficult  because  that’s  a  question 
best  answered  by  the  criminal.  But  the 
other  answers  might  be  gleaned  by 
carefully  analyzing  files,  logs  and  other 
residual  data  —  even  data  that  might 
have  been  erased  but  not  yet  overwrit¬ 
ten  on  the  hard  drive. 


In  our  case,  all  we  really  needed  to 
know  was  whether  our  source  code  had 
been  copied  or  transferred,  who  did  it, 
when  they  did  it,  how  it  was  transferred 
or  copied  and  where  the  files  were 
transferred.  After  reaching  an  agree¬ 
ment  with  the  vendor,  I  signed  out  the 
evidence  —  a  hard  drive  stored  in  a  safe 
in  our  facilities  manager’s  office  —  and 
shipped  it  to  the  firm’s  forensic  lab. 

The  Assessment 

Forensic  specialists  use  several 
methodologies  in  a  media  analysis,  but 
they  start  by  creating  a  mirror  image  of 
the  original  disk  drive.  Once  the  vendor 
creates  the  drive  image,  it  can  return 
the  original  drive  to  the  owner  for  safe¬ 
keeping.  An  analyst  then  extracts  the 
mirror  image  to  a  clean  hard  drive  be¬ 
fore  beginning  the  analysis. 

Our  analyst  sent  our  original  hard 
drive  back,  along  with  a  second  drive 
containing  a  mirror  image.  We  can  use 
this  copy  if  we  want  a  second  opinion 
or  want  to  perform  an  analysis  our¬ 
selves.  The  image  includes  an  MD5 
checksum  of  the  image  so  that  it  can  be 
verified  to  be  an  exact  copy  of  the  origi¬ 
nal  drive  if  there’s  a  question  about  the 
integrity  of  the  image. 

After  about  a  week,  the  vendor  re¬ 
turned  the  results  —  with  some  inter¬ 
esting  conclusions.  Unfortunately,  it 
found  no  clear  evidence  that  a  specific 
individual  transferred  the  files  to  an¬ 
other  company  using  file  transfer  pro¬ 
tocol.  But  the  vendor  did  find 
information  in  one  of  the  shell  history 
files  that  seemed  to  imply  that  a  trans¬ 
fer  took  place. 

The  shell,  or  command  processor, 
programs  used  by  Solaris  and  other 
Unix  operating  systems  typically  have  a 
history  function  that  lets  administra¬ 
tors  execute  previously  entered  com¬ 
mands  without  retyping  them.  The 
shell  history  file  is  a  text  file  located  in 
each  user’s  home  directory,  where  it 
provides  a  clue  to  what  commands  a 
given  user  has  executed.  The  history 
file  for  the  root  administrative  account 
on  our  drive  showed  that  someone  had 
created  a  tape  archive  for  one  of  the 
files  in  question  and  had  copied  it  to  an 
external  medium.  However,  there 
wasn’t  any  evidence  to  show  what  type 
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MD5  checksum:  This  algorithm,  origi¬ 
nally  designed  to  create  digital  signa¬ 
tures,  can  also  be  used  to  verify  that  a 
drive  image  is  an  exact  copy.  The 
process  creates  a  unique  encrypted 
value,  called  a  message  digest,  based 
on  the  number  of  set  bits  in  a  file.  Using 
a  public  key,  a  forensic  analyst  can 
compare  the  decrypted  numerical  value 
for  the  drive  image  to  one  calculated  on 
the  original  to  verify  that  the  copy  hasn’t 
been  altered.  For  more  information,  visit 
http://theory.lcs.mit.edu/-rivest/ 
Rivest-MD5.txt. 

LINKS: 

Forensic  Analysis  Firms 

EvidentData  Inc. 

Rancho  Cucamonga,  Calif. 

www.evidentdata.com/ 

Foundstone  Inc. 

Mission  Viejo,  Calif. 

www.  foundstone.  com/ 

New  Technologies  Armor  Inc. 

Gresham,  Ore. 

www.forensics-intl.com/ 

Do-It-Yourself  Tools 
www.fish.com/tct/:  The  Coroners 
Toolkit  is  a  set  of  freeware  tools  for  Unix 
forensic  media  analysis. 

www.  forensics-intl.  com/thetools. 
html:  Safeback,  from  New  Technolo¬ 
gies,  performs  “evidence-grade" 
mirrored  backups  of  hard  drives. 

www.guidancesoftware.  com/ 
html/index.html:  EnCase,  from  Guid¬ 
ance  Software  Inc.  in  Pasadena,  Calif., 
is  one  of  the  better-known  commercial 
disk-analysis  tools. 


of  media  was  connected  to  the  Solaris 
server  when  the  archive  took  place. 
And  since  many  people  had  access  to 
the  root  account,  it  was  difficult  to  pin 
the  activity  on  a  single  individual. 

The  next  step  is  to  interview  poten¬ 
tial  suspects  and  try  to  get  them  to  con¬ 
fess.  Fortunately,  I  can  leave  that  up  to 
the  lawyers.  Could  I  have  done  more?  I 
welcome  readers  with  ideas  and  similar 
experiences  to  join  in  the  Security 
Manager’s  Journal  forum  online.  I 


Quick 
I  .inkO 


Discuss  this  week's  column  and 
catch  up  on  the  latest  security 
developments  online  at: 

www.com  puterworld.com/q?q2000 


■  week's  journal  is  written  by  a  real  security  manager,  "Mathias  Thurman,"  whose  name  and  employer  have  been  disguised  for  obvious  reasons.  Contact  him  at  mathias  Jhurman§yahoo.com  or  go  to  the  Security  Manager's  Journal  forum. 
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Diversity  Job  Fair 
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Holiday  Inn  City  Centre 
300  E.  Ohio  St. 
Chicago,  IL 
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Raytheon  Andrew  Corporation  STARBUCKS  DesMoines 
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Allied  Insurance  CVS/PHARMACY  AND  MORE! 


The  tech  game  can  change  all  it 
wants  to,  but  savvy  technology 
professionals  still  know  how  to  win 
with  Dice.  Show  change  who's  the 
boss.  Visit  Dice.com  today. 
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Every  day  hiring  managers  turn 
to  ITcareers.com  for  the  best  IT 
candidates.They  know  us  and 
they  know  we  can  deliver. 


If  you  want  a  better  challenge, 
we  challenge  you  to  find  a  better 
IT  career  site  thanlTcareers.com. 
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ITcareers.com 
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The 

Gillette 

Company 


INFORMATION 
TECHNOLOGY 
.  . . .  OPPORTUNITIES 


The  Gillette  Company  is  the 
world  leader  in  more  than 
a  dozen  consumer  product 
categories.  Global  World  Class 
operations  are  increasingly 
dependent  on  Information  Tech¬ 
nology.  Exciting  opportunities 
exist  in  global  business  process 
integration  initiatives.  We  are 
currently  seeking  the  following 
highly  qualified  professionals  to 
join  the  Gillette  IT  team  in  the 
Boston  area. 


The  following  positions 
commonly  require  a  Bachelor's 
degree  (or  equivalent)  in 
Computer  Science,  MIS, 
Business  Admin.,  or  similarly 
relevant  field,  and  3-5  years 
relevant  experience. 

I  Staff  Programmer  Analysts 

!  (SAP)  Staff  Basis  Adminis- 
trators/Con-figuration- 
Integration  Specialists/ 
Application  Developers 

!  Data  Warehouse  Architects/ 
Devetopers/Database 
Administrators 

/  Telecommunications 
Analysts 

Starting  salaries  range  from 
$56,100  to  $119,000  per  year, 
together  with  paid  vacation, 
medical,  dental,  life  and  disability 
insurances,  and  other  industry- 
competitive  benefits. 

Please  email  resume  to: 
www.Gillette.Com. 

The  Gillette  Company  is  an 
equal  employment  opportunity 
employer 


IT  Developer  in  Charlotte,  NC, 
First  Union/Wachovia  Corp. 
Provide  oust.  info.  tech,  solutions, 
advise  customers  on  alternatives 
to  target  business  needs  &  write 
project  reqs.,  test  scripts.  Pos. 
will  work  weekends  &  holidays, 
also  carries  pager  24/7  for  prod, 
problems.  Reqs.  BS  in  Comp. 
Science  or  Eng  or  its  equiv.  (any 
suitable  combination  of  educ., 
training  or  exp.  is  acceptable)  & 
2  yrs  exp.  in  the  pos.  offd.  or  as 
Business  Conslt.,  System  Dvlp. 
or  Software  Eng.  In  lieu  of  a  BA 
and  2  yrs.  exp.,  the  employer  will 
accept  4  yrs  exp.  as  a  Systems 
Dvlp.  2  yrs  of  reqd.  exp.  must  incl. 
asset  mgmt.  statement  system 
proc.  working  w/  COBOL  MVS  in 
a  mainframe  envir.  &  must  incl. 
work  w/  Easytrieve  Plus,  JCL  & 
VSAM.  1  yr  of  reqd.  exp.  must 
incl.  exp.  analyzing  brokerage 
transactions  incl.  trades,  dividends 
&  other  taxable  transactions. 
40hrs/wk,  $41 K-  $69K,  Send  re¬ 
sume  &  cvr.  Itr.  to  Geri  Henderson, 
401  South  Tyron  Street,  NC 
0745,  Charlotte,  NC  28288-0475. 


F/T  Technical  Architect.  Provide 
technical  &  architectural  solutions 
for  the  design,  development 
&  enhancements  of  company 
products  &  object  oriented 
analysis  &  design  of  client  appli¬ 
cations  using  UML.  Make  rec¬ 
ommendations  re:  software/ 
hardware,  system  environments 
&  develop  capacity  plans.  Assist 
w/  performance  monitoring,  trou¬ 
bleshoot  technical  problems, 
installation  &  testing  working  w/ 
SQL,  SQL  Server  &  Oracle  data¬ 
bases.  Evaluate  clients'  business 
requirements  &  create  technical 
design  specifications  for  software 
enhancements,  conversion  strate¬ 
gies  &  provide  conversion  sup¬ 
port.  Work  w/Java,  Java  Beans, 
Swing,  VisualAge.  ClearCase, 
ClearOuest  8  CORBA.  Must  have 
Bachelor's  degree  in  CS  or 
related  field  Foreign  degree 
equivalent  accepted.  Must  have 
2  yrs.  exp.  in  job  offered  or 
position  w /  similar  duties.  Send 
resume  to  Betsy  Moya,  Schlum- 
bergerSema,  701  Waterford 
Way.  Ste.  300.  Miami,  FL  33126. 


BAAN  CONSULTANT 

Analyze  &  evaluate  existing  or 
proposed  software  systems. 
Dvlp.,  implement  &  improve 
programs,  systems  &  related 
procedures  to  process  data 
using  in-depth  knowledge  of  the 
systems  dvlpmt.  life  cycle.  Encode, 
test,  debug  &  install  operating 
programs  &  system  software 
utilizing  knowledge  of  Baan  ERP 
tools  and  prog.  lang.  Performs 
functional  definition  and  tech, 
realization/customization  of  Baan 
software.  B.S.  (or  equivalent)  in 
Comp.  Sci.,  Math,  Engrg.,  Busi¬ 
ness  or  Commerce  plus  2  yrs. 
exp.  in  either  job  offered  or  as 
Programmer  Analyst.  Software 
Engr.  or  Sys.  Analyst  rqd.  Expe¬ 
rience  must  include  use  of  Baan 
ERP  tools  (spec.  Baan  Manu¬ 
facturing,  Baan  Distribution  and 
Baan  Finance).  High  mobility 
preferred.  40  hrs/wk,  8  am  -  5 
pm,  $70,000/yr.  Qualified  appli¬ 
cants  report/submit  resume  to: 
Manager,  Washington  County 
Team  PA  CareerLink,  Millcraft 
Center,  Suite  150LL,  90  West 
Chestnut  St.,  Washington,  PA 
15301-4517.  Refer  to  Job  Order 
No.  WEB235003. 


Programmers  &  Software  Engi¬ 
neers 

Design,  develop,  test  and  imple¬ 
ment  specialized  software  apps 
using  (a)  IIS5.0,  Clarify,  XML, 
VB,  ASP,  C,  C++,  CDO,  MTS, 
SQL  Server,  Oracle  &  related 
tools  in  Sun  Solaris/NT/UNIX; 
(b)  Citrix  ASP,  IIS,  SQL  Server, 
DB2,  Oracle/related  tools,  VB, 
ASP.  Pro'C,  Web  methods,  Citrix 
XPS,  XML  in  Sun  Solaris  NT/ 
2000;  (c)  Clarify,  Clarify  modules 
&  tools-CB  Exchange,  DDE, 
UIE,  Clear  Basic,  VB,  Unix  Shell 
Scripts  in  Oracle/related  tools, 
SQL  Server,  reporting  tools  in 
Sun  Solaris/NT/2000;  (d)  Web 
Logic,  XML,  EJB,  JDBC,  Java, 
Servlets,  Cold  Fusion,  C,  C++, 
Pro'C,  Oracle,  Sybase,  SQL 
Server  and  related  tools,  Utilities 
in  RS  6000,  Solaris.  NT/2000. 
Consulting  positions  requiring 
extended  travel.  Prevailing  wage/ 
benefits.  Send  resume  to  Dale 
Blake,  GPTS,  3250  Peachtree 
Industrial  Blvd.,  Suite  203,  Duluth, 
GA  30096.  EOE. 


Onsite  Companies,  Inc.  has  mul¬ 
tiple  openings  for  Engineering 
Programmer  -  convert  engineering 
problem  formulations  to  format 
processable  by  computer;  resolve 
symbolic  formulations,  prepare 
flow  charts  and  block  diagrams 
and  encode  resultant  equations 
for  processing  by  applying 
principles  of  engineering;  confer 
with  other  engineering  and 
technical  personnel  to  resolve 
problems  of  intent,  inaccuracy,  or 
feasibility  of  computer  processing; 
and  enter  program  into  computer 
system;  and  use  any  one  (1)  or 
more  of  the  following”  l-DEAS 
and/or  Algor  FEA.  Req’s.  Bach’s 
in  CS,  Systems  Analysts,  CIS, 
MIS,  Business  Admin,  Comp. 
Applications,  Comp.  Engg., 
Electrical  Engg.,  Electronic 
Engg.,  Mech  Engg.,  Civil  Engg., 
Industrial  Engg.,  Industrial 
Management  &  Technology, 
Physics,  Statistics  or  Math  or  its 
foreign  edu.  equiv.  Attn:  G8102 
TEKsystems,  Inc.  has  multiple 
openings  for  Programmer  Analyst 
-  Analyze,  design,  develop,  test 
and  implement  computer  appli¬ 
cations  using  one  (1)  or  more  of 
the  following:  Visual  Basic,  Crystal 
Reports.  Oracle,  Windows  NT, 
IIS,  ColdFusion,  JavaScript, 
HTML,  DHTML  and/or  MS  Access 
Req's.  Bach's  in  CS,  Systems 
Analysis,  CIS,  MIS,  Information 
Systems,  Comp.  Applications, 
Comp.  Engg  ,  Electrical  Engg., 
Electronic  Engg.,  Mech  Engg., 
Physics,  Statistics  or  Math  or  its 
foreign  edu.  equiv.  Attn:  G62802 
Frequent  relocation  may  be 
necessary.  Send  resume  to  J. 
Brigham,  6992  Columbia  Gateway 
Dr.,  Columbia,  MD  21046. 
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Database  Analyst/Dvlp.  in 
Charlotte,  NC,  Wachovia  Corp. 
Resp.  for  dvlp.  &  support  of  the 
NightlyBox  batch  appl.  &  LOGOS 
report  appl.  for  the  Trade  Oper. 
Group.  Reqs.  BA  in  Comp. 
Science  or  rel.  disc.  &  2  yrs.  exp. 
in  pos.  offd.  or  as  Software  Cons, 
or  System  Analyst.  The  2  yrs  of 
reqd.  exp.  must  incl.  new  appl. 
dvlp.  in  batch  &  online  envir., 
conversion  of  specs,  into  program 
code,  testing  &  prod,  implemen¬ 
tation.  1  yr  of  reqd.  exp.  must  incl. 
work  using  rel.  databases  in  Unix 
env.,  SQL  prog.,  bulk  data  load 
utilities,  Unix  scripting  lang.  & 
AutoSys  job  sched.  tool.  40hrs/ 
wk,  $67K-$90K,  Send  resume  & 
cvr.  Itr.  to  Sabrina  Miller,  301 
South  Tyron  Street,  NC  0953, 
Charlotte,  NC  28288-0953. 


SR.  BASIS  ENGINEER  (SAP) 

to  analyze,  design,  develop  and 
implement  customized  software 
specifically  for  SAP  R/3;  Plan 
and  execute  installations,  up¬ 
grades  and  system  patches  in  a 
SAP  R/3  environment;  Perform 
system  monitoring,  database 
admin.,  administration  of  change 
mgt,  client  mgt.  and  system  se¬ 
curity;  Provide  support  for  inter¬ 
faces  and  ABAP  programming 
environments;  Perform  duties 
using  SAP  Basis  and  Oracle 
on  Windows  NT  and  UNIX  plat¬ 
forms.  Req:  Bach.  deg.  (or  foreign 
equiv.)  in  Comp.  Sci./Engg,  or  a 
closely  related  field,  with  4  yrs. 
exp.  in  the  job  offered  or  as  a 
SAP  BASIS  Conslt.  or  BASIS 
Engg/Architect.  Prior  exp.  must 
include  3  yrs.  using  SAP 
BASIS.  Competitive  salary  and 
benefits.  Send  resume  to:  Pieter 
Badenhorst, Texperts,  Inc.,  7740 
Roswell  Rd.,  Suite  600E, 
Atlanta,  GA  30350 


Manufacturing  Software  Engineer: 
Owing  Mills,  MD.  Assist  Smart- 
card  eng.  mgr,  to  design/develop 
software  to  interface  custom 
machines  and  to  manage,  move 
and  manipulate  data  files.  Interface 
with  international  team.  Direct 
factory  support  is  required.  Req.: 
B.S.  in  CS  or  EE  and  working 
knowledge,  through  academic 
coursework  or  experience,  of 
HMI,  VB6,  SQL,  NT  Server  and 
Oracle  7/8.  Salary:  $53-55K/yr. 
DOE.  Resume  to:  Gaye  Sauer, 
SchlumbergerSema,  9800  Reis- 
terstown  Rd.,  Owing  Mills,  MD 
21117. 


Software  Engineer  wanted  by 
Information  Technology  Co  in 
Piscataway,  NJ.  Must  have 
Master's  Degree  or  Equivalent  in 
Comp  Sci,  Math  or  Electrical 
Engg  &  2  yr  exp.  Respond  to: 
Samsung  SDS  America,  Inc., 
15  Corporate  Place  South, 
Piscataway,  NJ  08854.  Fax: 
732-465-4406. 


Synergy  America,  Inc.  has 
multiple  openings  available  for 
Prog/Sys  Anal,  S/W  Engineers, 
DBAs  and  Sys  Admin  to  design/ 
develop  applications  in  some  of 
the  following  areas:  VB,  VC++, 
Cobol,  SQL,  Java,  HTML.  Oracle, 
Informix,  Sybase,  Internet  and 
wireless  technologies,  Windows, 
UNIX.  All  positions  req  BS/MS  or 
foreign  equiv  in  Comp  Sci,  Sci¬ 
ence,  Engg  or  Business.  Combi¬ 
nation  of  edu  and  exp  will  be 
accepted.  Highly  competitive 
salaries  &  benefits.  Travel/ 
relocation  req.  Resumes  to:  HR, 
1565  Woodington  Circle,  Suite 
101,  Lawrenceville,  GA  30044. 


orld  •  InfoWorld  • 


Software  Engineer  to  analyze, 
design,  develop,  test  and  imple¬ 
ment  Intranet  Billing  System  and 
mission  critical  development 
projects  using  C,  Oracle,  Visual 
Basic,  SQL  Server  etc;  maintain 
and  support  client/server,  internet/ 
intranet  apps  using  Java, 
HTML,  JavaScript,  JSP  and  Java 
Servlets;  perform  requirements 
analysis,  problem  analysis,  solu¬ 
tion  design,  implementation  and 
documentation  on  developed 
applications;  perform  debugging 
and  modifications  on  existing 
software.  Require:  M.S.  or  for¬ 
eign  equiv  in  CS/Engineering 
(any  branch)  or  related  field 
with  1-year  exp.  in  the  job 
offered.  Competitive  salary. Travel 
required.  Resumes  to,  Intercall 
Inc,  Attn:  Bala  -  Director,  1718 
Peachtree  Street,  NW,  STE  554, 
Atlanta,  GA  30309 


Network  Administrator  (Atlanta, 
GA):  Install,  configure  &  support 
Cisco  routers.  Support  &  monitor 
organization's  Local  Area  Network 
(LAN).  Wide  area  network  (WAN) 
&  Voice  over  IP  network  using 
Netcool  SNMP  NMS.  Maintain 
Network  hardware  &  software. 
Maintain  &  ensure  network 
availability  to  all  system  users; 
Monitor  &  test  DS1  &  DS3 
circuits  w /  local  LECs  for  data  & 
voice  communication;  Monitor 
overall  SS7  network  using  INET 
iRemote  software.  Req.  Bachelor's 
in  C.S.,  C.  Engg  or  other  closely 
related  field  +  2yr.  exp.  in  job 
offered.  Resume  to:  HR  Dept;  job 
code  DBCW0405  Cbeyond 
Communications,  320  Interstate 
North  Pkwy,  S.E.,  Ste  300, 
Atlanta,  GA  30339 


Software  Engineer  needed 
w/exp  to  design  &  customize 
GEMMS  &  Oracle  Fin.  applic., 
perform  DBA  operations  &  client 
server  database  applications 
using  Oracle'FORMS,  PL/SQL, 
C/C++.  PRO'C,  Perl,  CGI 
scripts,  GEMMS  APIs,  Oracle 
RDBMS,  Unix,  Linux  &  Windows 
environment.  Send  resumes  to: 
NFE  Technologies,  Inc.,  250 
Dominion  Dr.,  Morrisville,  NC 
27560. 


Senior  Consultant:  Design,  dev., 
test  &  implement  apps  using  C, 
C++,  Java,  VB,  Oracle,  Unix, 
JSP,  Java  Script,  AutoCAD  & 
ANSYS.  Dev.  optimization 
tools/scripts  &  Intra-net  web 
pages  to  support  devmt.  Req'd 
MS  in  Comp.  Sci.  or  Engineering 
+  3  yrs.  exp.  in  similar  duties. 
Apply  w/covltr/res  to:  President, 
Gadiraju Technologies,  Inc.,  138 
Ketcham  Road,  Bellemead,  NJ 
08824. 


PROGRAMMER,  SENIOR 
sought  by  NJ  based  Securities 
Dealer.  Must  possess  Master's 
Degree  or  equivalent  in  Engi¬ 
neering/Telecommunications  or 
directly  related  field  and  2  years 
exp.  in  software/systems  devel¬ 
opment  and  design.  Respond  to: 
Human  Resources  Department, 
Knight  Trading  Group,  Inc.,  525 
Washington  Blvd.,  Jersey  City, 
NJ  07310. 
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Programmer/Analyst  / 

Software  Engineer 
Software  Art  Corp.,  a  software¬ 
consulting  firm,  requires  soft¬ 
ware  professionals  with  demon¬ 
strated  hands-on  experience  in 
the  following: 

Client  Server:  PowerBuilder/C++/ 
Oracle/Sybase/Windows/Unix 
DBA:  Oracle/Sybase 
Mainframe:  COBOL/CICS/DB2 
Internet  Computing:  JAVA/ 
CORBA/XML,  JAVA  Websphere/ 
Weblogic,  SAS  Programmer 
QA  Testers,  Manugistics 
IT  Project  Leader 

Send  resume  to: 
Software  Art  Corporation 
2304  Brunswick  Ave, 
Lawrenceville  NJ  08648 
609-394-8001 
hn9softwareart.com 

or 

27  Water  Street, 
Wakefield  MA.  01880 
www.softwareart.com 

nickv@softwareart.com 


Programmer  Analyst,  Sr.- 
Responsible  for  programming  in 
data  warehousing,  including 
extracting,  transforming  loading 
&  reporting.  Perform  ERP  systems 
&  SQL  UNIX  scripting  to  automate 
different  processes.  Must  have 
Masters  degree  in  Computer 
Science,  Physics  or  Engineering 
or  Bachelors  degree  in  Computer 
Science,  Physics  or  Engineering 
plus  2  yrs  experience.Please  fax 
resumes  to  MECA  Recruiting: 
201-392-6007. 


Software  Engineers  &  Program¬ 
mers.  "Web  enable"  legacy 
applications  to  facilitate  EDI, 
e-commerce  and  communication 
using  ADABAS,  Cobol.  VB, 
FANTM,  ION,  VPN,  ADA-SQL, 
ASP,  Oracle  and  related  tools. 
Prevailing  wage  &  benefits. 
HR,  Spark  Technologies,  7001 
Peachtree  Industrial  Blvd.,  Suite 
446,  Norcross,  GA  30092.  EOE. 


Sr.  Systems  Analyst  for  NJ 
based  Co.  Must  have  a 
Bachelor's  degree  in  Comp. 
Sc.,  Engg.,  5  yrs  of  exp  in  job 
duties  or  Comp.  S/W  dev.  and/or 
consulting  and  prof,  with  RDBMS 
(e.g.  Oracle,  SQL  Server),  Java, 
VC++,  VB,  JSP,  XML,  Unix, 
TCP/IP.  Respond  to:  HR  Dept., 
Digital  Arts,  Inc.,  1 1 9  Cherry  Hill 
Road,  Parsippany,  NJ  07054. 
(Ref:  GG8150IM).  No  phone 
calls. 


♦ 


Product  Marketing  Mgr  -Latin 
America  wanted  for  manufacturer 
of  PC  &  Peripheral  Product 
to  analyze  &  attend  to  Latin 
American  clients’  systems  re¬ 
quirement,  procedures  &  prob¬ 
lems,  improve  existing  systems 
&  promote/market  products  & 
services.  Bachelor  Degree  or 
Foreign  Degree  Equiv.in  Systems 
Engineering  &  4  yrs  of  experi¬ 
ence  in  job  offered.  Send  resume 
to:  Carlos  Jimenez,  ACER  Latin 
America  Inc.  1701  NW  87  Ave. 
Miami,  FI.  33172. 


2002 


OLAP  Database  Administration 
Manager  sought  by  NJ  based 
Securities  Dealer.  Must  possess 
Bachelor's  or  equivalent  in  Elec¬ 
tronics  or  Computer  Engineering 
and  5  years  exp.  in  software/ 
systems  development  and  design. 
Respond  to:  Human  Resources 
Department,  Knight  Trading 
Group,  Inc.,  525  Washington 
Blvd.,  Jersey  City,  NJ  07310. 


PeopleSoftTech  Support  Analyst 
wanted  by  Multinational  Ad 
Agency  in  Manh.  Analyze, 
customize,  implement  &  trou¬ 
bleshoot  PeopleSoft  software; 
provide  support  for  software 
applications.  BS  in  Comp  & 
Engineering  &  2  yrs  exp  in  job 
offered  req.  Respond  to:  RP/HR 
Dept,  PO  Box  4241 ,  GCS,  NY, 
NY  10163. 


XML  Systems  Analysts  needed 
to  dsgn,  dvlp,  test,  maintain  XSD 
code  from  reqmts  documents  as 
UML  diagrams.  Up  to  10%  travel 
reqd  for  conferences/meetings. 
Apply  to  HR  Director,  UCC,  1 009 
Lenox  Dr,  Lawrenceville,  NJ 
08648. 


IT  Consulting  Co.  specializing 
in  software  engineering  and 
systems  integration  is  looking  for 
programmers/analysts  for  its 
Chicago,  IL  operations.  Ideal 
candidates  shall  have  degrees  in 
Computer  Science,  Electrical 
Engineering  or  related  field. 
Please  mail  resume  to:  H.R. 
Dept.,  Trigent  Software,  Inc.  at 
11  Main  St.,  Southborough,  MA 
01772.  No  calls  please.  EOE. 


Systems  Analyst  sought  by 
Manufacturer  of  Institutional 
Linen  in  Baltimore,  MD.  Must 
have  Bach  in  Comp  Sci.,  Engg  or 
equiv  and  one  yr  relevant  exp. 
Respond  to:  HR  Dept,  Intralin 
Corp.,  2200  Winchester  Street, 
Baltimore,  MD  21216. 


Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley. 

1-800-762-2977 


MILLIONS  OF 
READERS 

MILLIONS  OF 
SURFERS 


ONLY 
THOUSANDS 
OF  DOLLARS 

TOTAL  IMPACT 
TOTAL 
SAVINGS 

Put  your  message  in 
ITcareers  and 
ITcareers.com  and 
reach  the  world’s 
best  IT  talent. 


ITcareers 

whera  the  best  get  batter 
1  800  762  2977 

ITcareers.com 


Manager,  IT  Product  Marketing 
8.  Support-Latin  America  wanted 
for  Manufacturer  of  PC  & 
Peripheral  Product  to  manage  & 
oversee  IT  product  marketing 
&  system  support  for  Latin 
American  market.  Bachelor 
Degree  or  Foreign  Degree 
Equiv.in  Electronics  Engineering 
8. 4  yrs  of  exp.  as  Mgr.  Engineering 
Dept,  for  International  Computer 
Company.  Send  resume  to: 
Carlos  Jimenez,  ACER  Latin 

America  Inc.  1701  NW  87  Ave. 

Miami,  FI.  33172. 

Ordusion  Technologies,  Inc, 
Atlanta,  has  immediate  multiple 
openings  for  experience  Pro¬ 
grammer/Analysts,  SAW  Engineers 
and  DBAs  in  the  following:  VB, 
VC++,  JAVA,  HTML,  ASP, 
Informix,  Oracle,  Sybase,  CRM/ 
financials/other  commercial  soft¬ 
ware  packages,  web/wireless/ 
internet  technologies,  Systems/ 
DB  administration  etc.  BS/MS 
degree  (or  foreign  equiv)  required. 
Highly  competitive  salaries,  travel/ 
relocation  required.  Send  resumes 
to  3883  Rogers  Bridge  Road, 
Suite  504,  Duluth,  GA  30097. 

PROGRAMMER  ANALYST/ 
SOFTWARE  ENGINEERS: 

Saitech  Corp,  located  in  Jeffer¬ 
son  City,  MO  is  currently  seeking 
individuals  to  design  and  ana¬ 
lyze  programming  applications 
using  COOL:GEN/IEF;  Develop, 
test  and  maintain  applications 
using  Cobol  and  DB2.  Experience 
in  Child  Support  systems  is 
a  plus.  Requires  MS/BS  or 
equivalent  and/or  relevant  work 
experience.  Part  of  the  relevant 
experience  would  include  one 
year  using  COOL:GEN/IEF  and 
DB2.  Mail  resume,  transcripts, 
references  and  salary  require¬ 
ments  to  Saitech  Corp.,  1200 
Duane  Swift  Pkwy.,  #A5,  Jefferson 
City,  MO  65109. 

Software  Engineers/Software 

Consultants/Programmer  Ana¬ 
lysts/Systems  Administrators  (all 

multiple  positions)  sought  by 

computer  s/w  consultancy  firm  in 

North  Brunswick,  N.J.  Must  have 

Bach  in  Comp  Sci.,  Engg  or 

equiv  and  one  yr  relevant  exp. 

Respond  to:  HR  Dept,  B2B 

Technologies,  Inc.,  201  North 

Center  Drive,  North  Brunswick, 

NJ  08902. 

Quantitative  Business  Analyst 

sought  by  NJ  based  Securities 

Dealer.  Must  possess  Master's 

degree  or  equivalent  in  Computer 

Information  Technology  or  directly 

related  field  and  2  years  exp. 

in  software/systems  development 

and  design.  Respond  to:  Human 

Resources  Department,  Knight 

Trading  Group,  Inc.,  525  Wash¬ 
ington  Blvd.,  Jersey  City,  NJ 

07310. 

Senior  Systems  Engineer  needed 
to  investigate  and  resolve  com¬ 
puter  software  problems  of 
end-users.  Will  be  able  to  trace 
source  of  errors,  such  as  SAP 
software  configuration,  hardware 
configuration  or  web-server 
configuration.  Requirements: 
BE  in  computer  science,  elec¬ 
tronics  or  information  technology 
along  with  significant  experience 
in  the  job  offered  or  demonstrated 
experience  providing  high-level 
technical  support.  Send  re¬ 
sumes  to  Human  Resources  at 
(713)  952-9877. 

Systems  Analyst  wanted  by  NJ 
based  Co  for  job  loc  throughout 
the  US.  Must  have  Bachelor's 
degree  in  Comp.  Sc.  or  Engg.,  3 
yrs.  of  s/ware  exp.  &  proficiency 
with  VB,  ASP,  XML,  SQL  Server. 
Respond  to:  Netcom  Systems, 
Inc.,  200  Metroplex  Dr.,  3rd  fl., 
Edison,  NJ  08817.  (Ref.  GG 
8183).  No  phone  calls. 

Wireless  sftwr  engr  with  exp  in 
embedded  Systems  and  RDBMS. 
Req:  MS  in  Comp  Sci  or  rel  fid 
with  2+yrs  exp  in  design/devel¬ 
opment  embedded  wireless 
software  using  eVC++,  eVB,  ATL 
COM,  ADOCE,  and  CDPD; 
extensive  knowledge  of  WinCE 
and  Pocket  PC,  RTOS,  network 

com  protocols,  and  device  inter¬ 
facing  technology.  Please  send 
reusme  to  HR,  Advanced  Digital 
Data,  Inc.,  6  Laurel  Drive, 

Flanders,  NJ  07836. 

Geoscience  Programmers  wanted 

to  develop  8.  enhance  geo¬ 
science  software  using  C++  & 

MFC,  specifically  applies  to 

seismic  data  interpretation  & 

modeling.  Multiple  positions. 

Master  Degree  in  Science/Engi¬ 
neering  &  1  yr  programming  or 

related  exp.  Send  resume  to 

Seismic  Micro-Technology,  Inc., 

8584  Katy  Freeway,  Suite  400, 

Houston,  TX  77024. 

Sr.  Systems  Analyst  wanted  by 

NJ  based  Co  for  job  loc  through¬ 
out  the  US.  Must  have  Master's 

degree  in  Comp,  Sc.  or  Engg.,  3 

yrs.  of  s/ware  exp.  (for  Wireless 

Communication)  8.  proficiency 

with  Bluetooth,  UPnP,  WAP,  JINI 

8.  JDBC  Driver,  C++,  JAVA  8, 

Visual  Basic.  Respond  to:  Atinav, 

Inc.,  100  Franklin  Sq.  Dr.,  Ste. 

#304,  Somerset,  NJ  08873.  (Ref. 

GG  8073).  No  phone  calls. 

Computer  Professionals  needed 

w/exp  in  performing  database 

administration  using  Oracle 

Applications  (ERP)  on  Unix 

operating  system,  Developer 

2000,  Designer  2000,  PL/SQL, 

SQL’Loader,  SQL'Plus,  Pro'C, 

Oracle  Discoverer.  Support  8. 

conversion  of  Unix  based  Paybill 

Application  to  Oracle  Applications. 

Apply  to:  Select  Appt.  North 

America,  60  Harvard  Mills 

Square,  Wakefield,  MA  01880. 

IL  Wholesaler  of  Jewelry  seeks 
Web  Design  Analyst  to  develop, 
design  and  oversee  the  operation 
of  the  system;  research  and 
analyze  Web  sites;  confer  with 
management  to  plan  content, 
security;  use  research  analysis 
to  build  prototypes;  test  system; 
select  software  codes  and 
maintain  system/troubleshoot. 
Bachelor's  Degree  in  Electronics 
Engineering  or  equiv  based  on  a 
cred.  eval.  Min  exp.  req.  3 
months  in  job  or  job-related. 
Exp.  must  include  use  of  Oracle, 
Java  &  Windows  NT.  Travel  re¬ 
quired.  Resumes  to  GM  Raju 
Jewelers  USA,  Inc.,  330  E.  Roo¬ 
sevelt  Rd.,  Ste.  3G.  Lombard,  IL 
60148.  No  Calls.  EOE. 

Need  Sr  Software  Engineer  to 
manage  teams  to  design/develop 
client  server/internet  appls  using 
HTML,  XML,  JavaScript,  ASP. 
VB,  Oracle,  SQL,  etc  under  Unix 
8i  Windows  OS;  lead  teams  in 
testing  large,  complex  S/W  appls 
to  automate  business  processes 
using  various  testing  tools;  interact 
with  end  clients  and  evaluate 
team  members.  Require  MS  in 
CS  or  Engineering  (any  branch) 
with  3  yrs  exp  or  a  BS  or  foreign 
equiv  in  any  of  the  above  with  5 
yrs  of  relevant  progressive  expe¬ 
rience  in  IT.  Highly  competitive 
salary.  60%  traveling  involved. 
Send  resume  to:  InfoSmart  Tech¬ 
nologies,  Inc.  385  Leatherman 
Ct.  Alpharetta,  GA  30005 

Oracle  Developer  for  NJ  based 
Organization.  Must  have  a 
Bachelor's  degree  in  Comp.  Sc., 
Engg.,  3  yrs  of  exp  in  job  duties 
or  Comp.  S/W  dev.  and/or 
consulting  and  proficiency  in 
Oracle  and  its  tools.  Respond  to: 
Mr.  Jose  Montanez,  MIS  Dept., 
Operating  Engineers  Local 
825  Apprentice  Training  and 
Retraining  Fund,  65  Springfield 
Ave.,  Springfield,  NJ  07081. 
(Ref:  GG8133IM)  No  phone 

calls. 

Database  Developer  sought  by 

NJ  based  Securities  Dealer. 

Must  possess  Master's  Degree 

or  equivalent  in  Information 

Systems  Technology  or  directly 

related  field  and  2  years  exp.  in 

software/systems  development 

and  design.  Respond  to:  Human 

Resources  Department,  Knight 

Trading  Group,  Inc.,  525  Wash¬ 
ington  Blvd.,  Jersey  City,  NJ 

07310. 

A  new  millenium,  a  new  solution.  ITcareers. 
Call  Janis  Crowley  at  1-800-762-2977  SIDG 

^  J  Recruitment  Solutions 


Engineers 

Chief  Architect  to  oversee  product 
development,  optimization  and 
marketing  of  XML  &  Java-based 
enterprise  software-  Requires 
2  years  of  mgmt-level  exp.  in 
full-cycle  development  using 
XPath,  JCA,  &  JTA  Transaction 
Managers  technologies  for  dis¬ 
tributed  enterprise  software. 
Vice  President,  Engineering  to 
manage  the  development  of 
enterprise  software  for  business 
process  mgmt,  workflow  mgmt, 
web  interface  and  application 
servers.  Requires  4  years  of 
mgmt-level  exp.  in  full-cycle 
development  using  J2EE  Trans¬ 
action  Managers  technologies, 
developing  distributed  workflow 
mgmt  systems  in  Java,  &  devel¬ 
oping  XML  frameworks  for 
web-based  user  interfaces. 

IT  Manager  in  charge  of  network 
strategy  and  security.  Requires  2 
years  of  exp.  in  network  security 
mgmt.  using  IP  filtering  (high-level 
firewalling),  TCP/IP  encryption 
and  security,  and  BSD  sockets. 
All  positions  require  Bachelor's 
degree  (or  equivalent  work  ex¬ 
perience)  in  Engineering,  Com¬ 
puter  Science,  Mathematics,  or 
a  related  field. 

Send  resume  to:  Human 
Resources,  Intalio,  Inc.,  1900  S. 
Norfolk  St.,  Suite  290,  San 
Mateo.  CA  94403. 


Sr.  Software  Engineer.  Respon¬ 
sible  for  designing,  implementing 
&  developing  components  for 
company's  manufacturing  prod¬ 
ucts.  Analyze  high-level  product 
specifications  &  detail  design 
documentation  &  procedures 
for  application  development  & 
architecture  specifications  in 
client-server  environment  using 
Visual  C++,  C++,  UNIX/NT, 
Java/VB  Script,  Oracle/SQL 
database,  MFC  configuration, 
management.  COM/DCOM/ 
COM++,  COBRA  ORB  technolo¬ 
gy.  Must  have  Bachelor's  degree 
in  Computer  Science,  Electrical/ 
Electronic  Engineering  or  related 
field.  Foreign  degree  equivalent 
accepted.  Must  have  5  yrs.  exp. 
in  job  offered  or  position  w/same 
duties.  Salary:  $92,975.  Send 
resume  to  Jim  Pearce,  THRU-PUT 
CORPORATION,  2099  Gateway 
Place,  Suite  240,  San  Jose,  CA 
95110. 


Programmer  Analyst 
Design/implement  healthcare 
apps  with  VB  5.0/6.0/NET,  Access 
97/2000,  Com,  Dcom,  SQL 
Server  2000,  Crystal  Reports 
and  health  care  processes  in¬ 
cluding  patient  admission,  state/ 
federal  mds,  case  mix,  care 
planning,  physician  order,  infec¬ 
tion  control,  security  systems, 
payor  source/payor  plans,  mobile 
medical  device  apps,  healthcare 
billing/accounting  and  medical 
data  sharing  systems  with  3rd 
parties,  and  communication 
apps  for  health  care  workers. 
Prevailing  wage.  BS  Comp.  Sc. 
(or  foreign  equiv.)  with  2  yrs  exp. 
including  1  yr.  exp.  in  developing 
above  specified  applications 
using  above  tools.  Respond  to 
Geoff  Marsh,  Horizon  Healthcare 
Technologies,  12101  Woodcrest 
Executive  Drive,  Suite  201 ,  St. 
Louis,  MO-63141.  EOE. 


♦ 


Programmer  Analyst 
"Web  enable"  mainframe  apps. 
to  facilitate  EDI  using  Web¬ 
sphere,  Cold  Fusion,  ASP, 
Apache  &  related  Web  Servers, 
Cobol,  DB2,  CICS,  VB,  C,  Java  & 
related  tools,  Oracle,  SQL  Serv¬ 
er.  CSS,  XML  and  XSL  and 
Peregrine.  Employer  is  a  consult¬ 
ing  company  and  position  re¬ 
quires  travel.  Prevailing 
wage/benefit.  Respond  to:  Atten¬ 
tion:  Guy  New,  Jolig  Consulting, 
Inc.,  1311  Buckingham  Place, 
Richardson,  TX  75081.  EOE. 


Senior  Software  Engineer  sought 
by  home  satellite  design  &  man¬ 
ufacturing  company  in  Littleton, 
CO  to  work  in  Littleton  &  other 
unanticipated  job  sites  in  the  US. 
At  a  senior  level,  engage  in  full 
life-cycle  software  development 
of  applications  which  manage 
internal  processes.  The  software 
applications  are  developed  in  a 
client/server  platform  &  incorpo¬ 
rate  relational  database  man¬ 
agement  systems,  especially 
Oracle;  they  run  on  UNIX  &  Win¬ 
dows  NT  operating  systems. 
Analyze  requirements  &  create 
designs.  Code,  test,  debug  & 
enhance  the  software  applica¬ 
tions.  Complete  implementation 
of  the  applications  8.  provide 
subsequent  user  support  &  trou¬ 
bleshooting.  Prepare  related 
documentation.  Use  program¬ 
ming  languages  C,  Pro"  C  & 
PL/SQL;&  a  variety  of  tools 
including  Developer  2000, Oracle 
HR  applications^  SQL  Loader 
in  the  design  &  development 
process.  Requires  Master’s  or 
equivalent-specifically,  a  master's 
degree  or  foreign  equivalent  in 
computer  science  or  related  field 
plus  three  years  of  progressive 
experience  in  developing  soft¬ 
ware  applications  in  a  client/ 
server  environment;  or  a  bache¬ 
lor's  degree  or  foreign  equivalent 
in  computer  science  or  related 
field  plus  five  years  of  progres¬ 
sive  experience  in  developing 
software  applications  in  a  client/ 
server  environment;  Working 
knowledge  of  Oracle  Relational 
Database  Management  Systems, 
Developer  2000  &  PL/SQL.  8am- 
5pm,  M-F;  $73,235/year;  Re¬ 
spond  by  resume  to  James 
Shimada,  Colorado  Department 
of  Labor  &  Employment,  Em¬ 
ployment  &  Training  Division, 
Tower  II,  #400,1515  Arapahoe, 
Denver,  CO  80202,8.  refer  to  Job 
Order  Number  C05014400. 


Software  Development  Engineer 
sought  by  company  in  Louisville, 
CO  to  work  in  Brooklyn  Park,  MN 
&  other  unanticipated  job  sites 
in  the  US.  For  a  company  that 
manufactures  and  distributes 
computer  storage  devices,  par¬ 
ticipate  in  full  life-cycle  software 
development,  focusing  on  the 
design  and  development  of  soft¬ 
ware  applications  for  a  systems 
health  monitoring  software  pack¬ 
age.  Using  Shlaer-Mellor  graph¬ 
ical  OOA/OOD  methodology, 
UNIX  and  C++,  design  and 
develop  software  that  monitors 
the  overall  health  of  a  multi¬ 
processor  computer  system. 
Analyze  and  define  the  require¬ 
ments  for  a  particular  software 
application  or  product,  then 
create  designs  and  design  doc¬ 
umentation  for  the  software  and 
later  code,  test  and  debug  the 
particular  software  application. 
Develop  methodologies  for  the 
storage  and  management  of 
data  using  DCS  (data  collection 
service  domain).  Requires  Bach¬ 
elor's  in  comp.  sci.  or  comp,  eng.; 
2  yrs.  as  a  software  engineer  in 
the  data  storage  industry;  Work¬ 
ing  knowledge  of  DCS,  C++  and 
UNIX  (working  knowledge  may 
be  gained  through  employment 
experience  or  in  an  academic 
program).  8am-5pm,  M-F; 
$71 ,455/yr.  Respond  by  resume 
to  James  Shimada,  Colorado 
Department  of  Labor  &  Employ¬ 
ment,  Employment  &  Training 
Division,  Tower  II,  #400,  1515 
Arapahoe,  Denver,  CO  80202,  & 
refer  to  Job  Order  Number 
C05015209. 


Venturi  seeks  IS  Admin,  for 
Kirkland  office.  DESC:  Dsgn, 
impl,  &  admin.  RDBMS  8.  rel.  c/s 
8.  middleware  apps.  util.  SOL,  C, 
Java,  SGML/XML,  Perl,  PHP,  8. 
Unix  Shell.  Prov.  TCP/IP  netwk. 
admin.  8.  sup.  Dsgn  8.  impl.  LAN 
8.  WAN.  Prov.  UNIX  sys.  admin, 
sup,  &  rel.  s/w  dev.  Prov.  Internet 
8.  sys.  security  util,  firewall, 
encryption,  &  authentication 
techs.  REQ:  BS  in  Engr,  CS, 
Math,  or  Phys.  +  2  yrs.  exp.  in 
duties  listed  above.  Prem.  sal  + 
benes.  Pis.  reply  to  J.  King,  Job 
#CCL-88,  11255  Kirkland  Way, 
Kirkland,  WA  98033. 
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Emergys  Corporation.  We  are 
a  company  specializing  in  ERP, 
E-Business,  Client-Server  and 
Internet  Applications  with  over 
40  employees.  The  corporate 
headquarters  are  located  in 
Chapel  Hill,  North  Carolina  and 
a  branch  office  in  IL.  We  are 
looking  for  top-notch  computer 
professionals  with  consulting  ex¬ 
perience  in  the  following  areas  or 
a  combination  thereof: 

•  SAP-SAP  R/2  &  R/3  Functional 
and  Technical  Consultants  in: 
FI,  CO,  FI-TR,  Fl-Planning,  & 
HRSD,  MM,  PP,  PP-PI,  AM,  PM 
&  PS,  BASIS,  SAP-EDI,  ALE, 
BW,  WorkFlow,  BAPI 

•  RDBMS-Oracle,  Sybase,  In¬ 
formix,  MS-  SQL  Server 

•Tools  &  O/S-Designer  2000, 
Developer  2000,  Oracle  Case, 
PIVSQL,  SQL  Plus,  SQL'Loader, 
SQL'Reports,  SQL'Forms.  SQL 
’DBA,  Sybase  SQL,  Sybase 
DBA,  T-SQL,  DB-Lib,  CT-Lib, 
PowerBuilder,  UNIX,  AIX,  SCO, 
SCCS,  SVR,  Sun  Sparc,  Sun 
Solaris,  Windows  NT,  SQR, 
MQ  Series 

•  Groupware-Lotus  Notes  4.X, 
R5,  Domino  Server,  Lotus  Script, 
Lotus  Pump,  MS  Exchange  5.5 

•  RDBMS  Applications-Financial, 
Manufacturing,  Distribution, 
HRMS,  AOL  &  exp.  in  Business 
Area. 

•  Internet  Applications-Visual 
Basic,  ActiveX,  COM/DCOM, 
ASP,  VB  Script,  Visual  J++,  Vi¬ 
sual  C++,  Oracle  Web  Server, 
Visual  Cafe,  MFC.  MTS,  Java, 
JSP,  Java  Script,  Java  Beans, 
JDBC,  JFC,  CORBA,  HTML/ 
DHTML,  Perl,  Prolog,  LISP. 

•  E-Commerce-ARIBA,  Web¬ 
sphere,  Commerceone,  MS-Site 
Server,  IBM  Net  Commerce, 
Domino-  Action,  Merchant, 
XML 

Requirement:  Bachelor's  or 
Master's  degree  in  Computer 
Science,  Engineering,  Mathemat¬ 
ics,  Technology,  Management 
Information  Systems  or  Business 
Administration  with  1  to  5  years 
experience  in  the  field.  Must  be 
willing  to  travel  to  client  sites 
throughout  United  States.  We 
offer  competitive  salaries  and 
benefits.  Please  mail,  e-mail  or 
fax  resumes  to  Emergys  Corpo¬ 
ration,  6340  Quadrangle  Drive. 
#360,  Chapel  Hill.  NC  27517. 
Fax  (919)  408  3384.  Email: 
recruit  @  emergys.com. 


SENIOR  SOFTWARE  ENGI¬ 
NEER  to  lead  a  team  in  the 
design,  development,  testing, 
implementation  and  mainte¬ 
nance  of  Informix  based  appli¬ 
cation  software  in  a  client/server 
environment  using  Fourgen  and 
Fourgen  case  tools,  Informix 
4GL,  Visual  Basic,  C,  Power¬ 
Builder,  SQL,  Sybase,  Oracle 
and  UNIX  Shell  Scripting  for 
process  automation  under  SCO 
UNIX  and  Linux  operating  sys¬ 
tems;  Provide  technical  support 
to  end  users.  Require:  B.S.  in 
Computer  Science,  Computer 
Information  Systems,  or  a  close¬ 
ly  related  field  with  five  years  of 
experience  in  the  job  offered 
or  as  a  Programmer/Systems 
Analyst.  Extensive  travel  on  as¬ 
signment  to  various  client  sites 
within  the  U.S.  is  required.  Com¬ 
petitive  salary  offered.  Apply  by 
resume  to:  Eduardo  Santos,  VP 
of  Operations,  Noble  Systems 
Corporation,  4151  Ashford 
Dunwoody  Road,  Suite  550, 
Atlanta,  GA  30319;  Attn:  Job  CR. 


TECHNICAL 

SBI  is  looking  for  the  following 
positions  for  its  offices  in  Houston, 
TX,  San  Francisco,  CA.  Warren, 
NJ,  Portland,  OR  and  Salt  Lake 
City,  UT.  Programmer  Analysts, 
Technical  Architects,  Graphic 
Designers,  Business  Strategists, 
Systems  Analysts.  Software 
Engineers.  Resumes  by  email  or 
fax  only  to  HR,  SBI,  2825  East 
Cottonwood  Parkway.  Suite  480, 
Salt  Lake  City,  UT,  84121; 
careers©sbiandcompany.com; 
Fax  (801)  733-3201. 


COMPUTER/IT 

Business  Warehouse  Consultant 
(web  development  engineering). 
(Troy,  Michigan).  Requires  a 
Bachelor's  degree  or  equivalent 
foreign  education  in  engineering, 
computer  science,  or  business 
administration,  and  3  years' 
experience  in  the  job  offered  or 
3  years'  experience  in  data  ware¬ 
housing  software  development 
and  design  utilizing  SAP  R/3 
data  structure  and  internet 
browser  development  standards. 
All  stated  experience  must  include 
work  with  dynamic  database 
web  publishing  and  interactive 
report  design  using  Bex  queries 
and  analyzer,  SAPTable  Interface 
Class  Methods,  and  ABAP/4. 
One  year  of  stated  experience 
must  include  SAP  Business 
Information  Warehouse  devel¬ 
opment.  Engage  in  data  ware¬ 
housing  software  development 
and  design  utilizing  SAP  R/3 
data  structure  and  internet 
browser  development  standards, 
specifically  in  connection  with 
SAP  Business  Information  Ware¬ 
house  development.  Engage  in 
dynamic  database  web  publishing 
and  interactive  report  design 
using  Bex  queries  and  analyzer, 
SAPTable  Interface  Class  Meth¬ 
ods,  and  ABAP/4.  40  hrs./wk. 
8:00-5:00.  Apply  with  resume  to 
Jennifer  McKenzie,  Delphi  Auto¬ 
motive  Systems  Corp.,  1450  W. 
Long  Lake  Road.  Troy,  Michigan 
48098. 


COMPUTER/IT 

Senior  Software  Engineer.  Req. 
a  Master’s  degree  in  Comp.  Sci., 
Eng.,  or  Info.  Sci.  &  2  yrs.  exp.  in 
the  job  offered  or  2  yrs.  exp.  in 
object-oriented  analysis,  design, 
testing  &  implementation.  All  of 
exp.  must  incl.  use  of  Java, 
Weblogic,  &  J2EE;  design  & 
development  of  computer  training 
simulations;  &  relational  database 
design  &  application  in  a  software 
development  life  cycle.  (Exp. 
may  be  gained  prior  to  completion 
of  Master's  degree.)  Research, 
design  &  develop  advanced 
network  &  internet  related  e- 
learning  software  programs  in  a 
unified  style  software  develop, 
life  cycle.  Engage  in  analyzing, 
developing,  programming,  de¬ 
bugging,  testing  &  implementing 
web-based  software  projects  for 
web-sites  using  object-oriented 
programming  &  develop,  tools, 
including  C++,  Java,  Weblogic, 
J2EE,  &  relational  database 
design  schema  &  applic.  in  a 
software  development  life  cycle. 
Design  &  develop  computer 
training  simulations  &  build 
proprietary  software  tools  for 
commercial  &  in-house  use.  40 
hrs./wk.  Send  resume  to: 
SmartForce,  16100  N. Greenway 
-Hayden  Loop,  Suite  800, 
Scottsdale,  AZ  85260,  Attn: 
Linda  Lair. 


Data  Warehouse  Architect  in 
RTP,  NC.  Appl.  dsgn.  analysis, 
devlpmt  &  implement,  of  core 
operational  Data  Warehousing 
tech,  for  pharmaceutical  ops. 
Provide  mgmt.  Ivl.  eval.,  plan  and 
appl.  for  data  warehousing  prod¬ 
ucts  &  sves.  Serve  as  design  & 
program  consultant  working  with 
all  levels  of  IT  staff  on  existing 
and  planned  data  warehouse 
DBMSs  objects  &  appl./access 
layer.  Ensure  compliance  with 
global  and  local  IT  standards, 
audit  compliance  &  best  prac¬ 
tices.  Utilize  adv.  skills  in  Oracle 
8  Dbase  technology  and  progm. 
lang.  like  Pro’C,  C,  PL/SQL, 
SQR,  BRIO  &  prof,  in  UNIX  ops. 
sys.  Req.  Master's  (or  frgn. 
equiv.)  in  Comp.  Sci.  or  related 
field  with  2  yrs.  exp  in  same  pos. 
or  in  comp.  sys.  desgn  &  develop. 
Exp.  (may  be  obtained  concur¬ 
rently)  must  incl.  the  following 
1  yr.  exp.  with  VLDBs  in  high 
performance  data  warehouse 
processing  techniques,  2  yrs 
exp.  with  Oracle  Dbase  technol¬ 
ogy  using  Pro‘C,  C,  PLVSQL  & 
SQR,  &  2  yrs.  exp.  with  UNIX 
ops.  sys.  37.5  h/w.  Send  resume 
to:  GlaxoSmithKline,  do  CW408, 
SthE2428D,  PO  Box  13398, 
Research  Triangle  Park,  NC 
27709-3398  EOE. 


Vice  President  of 
Research  & 
Development 

Manage  web-based  collabo¬ 
ration  software  development 
team  and  work  on  software 
product  design.  Travel 
required.  Must  have  5-10 
years  experience  and  a  4  year 
college  degree. 

Forward  resume  to: 
e4eNet, 

Attn:  Michele  Monast, 

300  Crown  Colony  Drive, 
Quincy,  MA  02169; 

Fax:  617-376-8825; 

E-mail:  jobs@e4enet.com 
An  Equal  Opportunity  Employer 


www.e4enet.com 


SVI  AMERICA  CORP.  is  an  in¬ 
formation  management  &  tech¬ 
nology  consulting  company  with 
offices  throughout  the  US.  We 
work  with  many  organizations  to 
develop  integrated  solutions  that 
transform  their  enterprises.  By 
understanding  the  key  compo¬ 
nents  that  drive  an  organization, 
we  are  providing  tangible  results 
&  a  competitive  advantage  to  our 
clients. 

SVI  America  Corp.  presently 
requires  Systems  Programmer/ 
Analyst  with  the  following  quali¬ 
fications:  Bachelor's  degree  in  a 
Math.  Science,  or  Eng'g  related 
discipline  and  4  yrs  exp  in  job 
offered  and  working  experience 
with  CICS  &  COBOL. 

Demonstrate  ability  to:  Provide 
production  support  to  client's 
computer  appl'ns;  review  and 
approve  computer  packages 
prior  to  implementation  into 
production;  perform  systems 
integration,  testing  and  imple¬ 
mentation;  provide  regular  feed¬ 
back  &  status  reports  to  client's 
executives  &  IT  specialists; 
organize  teams  of  programmers 
for  the  appl'ns  being  handled; 
coordinate  with  onsite  product  & 
business  experts  &  /or  users  in 
the  U.S.  &  abroad  &  offshore  pro¬ 
grammers  and  discuss  activities, 
problems,  and  solutions;  function 
as  test  coordinator  for  all  appli¬ 
cations  during  system  or  utilities 
upgrade;  perform  tasks  using  the 
following  languages/software: 
COBOL,  CICS,  JCL,  CA-7,  SQL, 
Change  Man,  Extra  Personal 
Client,  Tivoli,  PCAnywhere,  Visual 
Foxpro,  Foxpro,  Visual  Source¬ 
Safe,  Microfocus  Cobol,  Paybase 
16,  Paybase  32,  Remedy,  Leech 
FTP,  ESSBASE,  A3  Vision,  & 
Windows  NT  .  In  addition,  suc¬ 
cessful  candidates  must  be  willing 
to  temporarily  relocate  to  client 
sites  throughout  the  U.S. 

To  apply,  please  contact: 

HR  Dept. 

SVI  America  Corp., 

15800  John  J.  Delaney  Drive, 
Suite  250,  Charlotte,  NC  28277 
or  E-mail:  hr  admin  @  sviamerica. 
com 


Sr.  Applications  Developer  - 
Must  have  exp  w/ActiveX,  ADO, 
Visual  C++,  SQL,  FIX,  ATL/STL, 
Sockets,  Rational  Rose  &  SAD. 
BS  in  CS,  Electronics,  Math, 
Eng'g  or  related  discipline  &  3 
yrs  related  exp. 

Software  Engineer  -  Must  have 
exp  w/Visual  C++,  PerlBuilder, 
VBScript.  JavaScript,  IIS,  SQL 
Server  &  Windows  NT.  MS  CS, 
Math  or  Eng'g  &  2yrs  related 
exp. 

Sr.  Network  Engineer  -  Must 
have  exp  w/PIX  firewall,  WEB, 
FTP,  routers  &  switches,  TCP/IP, 
Ethernet,  Windows  NT  &  2000, 
RSA  Authentication  &  VPN.  BS 
CS,  Math  or  Eng'g  &  2  yrs.  related 
exp. 

Send  resume  to:  ITTI,  1 20  B'way, 
34th  FI.,  NY,  NY  10271.  Attn: 
Naomi. 


Senior  Business  Consultant 

Carrier  Corporation,  an  HVAC 
manufacturing  company,  has  an 
immediate  opening  in  Syracuse, 
New  York  for  a  Senior  Business 
Consultant. 

Design,  develop  and  maintain 
custom  Lotus  Notes/Domino 
applications  and  perform  related 
support  services  in  both  Notes 
and  browser  client  environments. 

Must  possess  at  least  a  bachelor’s 
degree  or  its  equivalent  in  Com¬ 
puter  Science  or  a  related  field 
and  relevant  work  experience  as 
a  Programmer  Analyst,  including 
using  Lotus  formula  language 
and  LotusScript,  developing 
web-based  applications  using 
Domino,  and  using  Javascript, 
XML,  HTML,  DHTML  and  Oracle 
7.1  or  higher. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code  SBC 
or  it  will  be  rejected. 

Forward  resume  to  Carol 
Antonacci,  Manager.  E-Business 
at  Carrier  Corporation,  Carrier 
Transicold  Division,  1  Carrier 
Pkwy,  Bldg.TR20,  Syracuse,  NY 
13221. 


Programmer/Analyst  -  Electrolux 
Home  Products,  a  multi-national 
manufacturing  corporation,  seeks 
a  qualified  Programmer/Analyst 
in  its  Springfield,  TN  office  to  be 
responsible  for  data  conversions, 
system  implementation  and  sys¬ 
tem  development  and  support  in 
JDEdwards  environment.  Reqmts: 
Bachelor’s  degree  in  Computer 
Science,  Engineering,  Math  or 
Technology  w /  2  years  of  experi¬ 
ence  in  the  job  offered  or  as 
Programmer  Analyst,  System 
Analyst  or  System  Consultant. 
Candidate  must  have  JD  Edwards 
programming,  AS400  and  Visual 
Basic  experience  and  extensive 
manufacturing,  programming  and 
analysis  background.  Employer 
deems  3  years  towards  under¬ 
graduate  study  and  1  year  of 
professional  experience  in  com¬ 
puter  field  as  meeting  degree 
requirement.  We  offer  competitive 
salaries  &  benefits.  Please  mail, 
email  or  fax  resume  to  Donna 
F.  Edwards,  P.O.  Box  35920, 
Cleveland,  OH  441 35-0920.  Fax 
(216)  898-2340,  Email:  donna, 
edwards  @  electrolux.com. 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
JD  Edwards  One  World,  Oracle, 
RPG/400  &  MQ  Series.  Require¬ 
ments:  Bachelor's  Degree  in 
Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
JD  Edwards  One  World,  Oracle, 
RPG/400  &  MQ  Series.  Salary: 
$66, 000/year.  Working  Conditions: 
8:00  A.M.  to  5:00  P.M.,  40  hours/ 
week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Manager,  Beaver  County  Team 
PA  CareerLink,  2103  Ninth  Ave., 
Beaver  Falls,  PA  15010-3957, 
Job  No.  WEB235555. 


Programmer/Analyst 
MSU  Software  Consultants  LLC 
seeks  Programmer/Analyst  in 
our  Cedar  Rapids,  IA  loc.  Pos. 
involves  software  analysis,  design 
+  updates  incl:  spec  dev't,  coding 
modules,  enhance  existing  func¬ 
tionality,  debug,  testing,  imple¬ 
mentation,  design  web  graphics, 
writing  scripts,  +  creation  of  control 
screens  for  admin  of  website. 
Using  Oracle,  JAVA,  JSP.  JAVA 
Script,  Windows,  UNIX,  OO.  C, 
Developer  2000,  PL/SQL,  HTML 
and  MS  Access.  Qualified  should 
have  Bach.  Sci.  degree  2  yrs. 
relevant  exp.  Applicants  send 
resume  to:  MSU  Software  Con¬ 
sultants,  Attn:  Mark  Dolter,  600 
1  st  Ave,  NW,  Cedar  Rapids,  IA 
52405 


Project  Manager.  Manage  inter¬ 
disciplinary  teams  to  design, 
develop,  test  &  implement  e- 
business  systems  solutions  for 
clients  using  Internet  technologies 
&  object-oriented  methodologies. 
Oversee  all  phases  of  system 
implementation  including  project 
planning,  project  management, 
fit/gap  analysis,  training,  testing, 
development  &  conversion. 
Tools:  Oracle,  UNIX,  PeopleSoft, 
PeopleTools.  Master's  in  Comp. 
Sci."  +  2  yrs.  exp.  in  job  offered 
req'd.  ("Will  accept  Master's  de¬ 
gree  in  any  field  +  2  yrs.  exp.  in 
systems  development  in  lieu  of 
Comp.  Sci.  degree.)  Various  & 
unanticipated  locations  through¬ 
out  the  U.S.  40  hrs/wk,  8am- 
5pm,  $1 16,000/yr.  Applicants 
must  show  proof  of  legal  authority 
to  work  in  the  U.S.  Send  2 
copies  of  resume  &  cover  letter 
to  Colorado  Dept,  of  Labor  & 
Employment,  Employment 
Programs,  ATTN:  Jim  Shimada, 
Two  'Park  Central.  Suite  400, 
1515  Arapahoe  Street,  Denver, 
CO  80202-2117.  Job  Order: 
CO5015159.  Employer  Paid  Ad. 
Application  is  by  resume  only. 


Programmer  Analyst,  develop 
scalable  dbase  driven  web  apps 
using  state  of  the  art  technologies 
to  develop  vertically  or  horizontally 
integrated  e-Business  solutions 
and  web  site  apps.  Reqs.  Masters 
Degree  in  info  sys,  comp  sci  or 
closely  related  field  +  2  yrs  exp 
or  Bachelors  Degree  in  same  + 
5  yrs  progressively  responsible 
exp.  Must  have  demonstrated 
object  analysis  &  design  skills, 
data  modeling  expertise  incl 
knowl  or  ERwin  &  exp  creating 
multithreaded  VisualBasic  com¬ 
ponents.  Must  have  exp  using 
Microsoft  Transaction  Server  & 
Terminal  Server.  40  hrs/wk  9- 
5:30.  Salary  commensurate  w/ 
exp.  Send  resume  to:  Barbara 
Dunn,  Vice  President  &  Treasurer, 
Comprehensive  Marketing,  Inc., 
850  Bear  Tavern  Road,  Suite 
101,  Ewing,  NJ  08628. 


SYSTEMS  ANALYST  to  analyze, 
design  and  develop  computer 
systems  to  structure  and  access 
financial  expenditure  databases 
using  COBOL.  COBOL  II,  JCL, 
CICS,  VSAM,  DB2,  XPEDITER, 
EASY-TRIEVE,  FILEAID,  ABEN- 
DAID.TSO,  PANVALET,  LIBRAR¬ 
IAN,  COMPAREX,  RPG,  MS 
ACCESS  AND  VISUAL  BASIC; 
Perform  duties  under  close 
supervision  of  project  manager 
to  ensure  accuracy  and  that 
project  progresses  according  to 
prescribed  instructions  and  ex¬ 
pected  results  are  met.  Require: 
B.S.  degree  in  Computer  Science, 
Business  Administration,  Eco¬ 
nomics,  or  a  closely  related  field 
with  one  year  of  experience  in 
the  job  offered.  Competitive 
salary  offered.  Send  resume  to: 
Eugene  Benjamin,  Office  of  HR, 
SC  Dept,  of  Juvenile  Justice, 
P.O.  Box  21069,  Columbia,  SC 
29221-1069;  Attn:  Job  EC. 


Position  opening  for  IT  profes¬ 
sionals  with  industry  exp.  (various 
skills  combination  reqd.)  in  Siebel, 
Smartscript,  ODBC,  Siebel  VB, 
Oracle  7.x,  Designer  2000, 
COM+,  VC++,  ATL,  Visual 
Interdev,  MTS,  XML,  Unix,  SDK, 
Corba,  CTI,  IVR  Integration,  etc. 
MS  or  equiv.  Engg.,  (any),  CS, 
Math.,  or  rel.  field  reqd.  Some 
positions  require  BS  or  equiv.  in 
any  of  the  above.  We  offer  com¬ 
petitive  pay  &  benefits.  Foreign 
educ.  equiv  &/or  combination 
of  educ/exp.  accepted.  Travel/ 
relocation  reqd.  Resumes  only  to 
HR,  American  Cyber  Systems, 
Inc.,  1 00  Crescent  Center  Pkwy., 
Suite  209,  Tucker,  GA  30084. 


Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley. 

1-800-762-2977 


"Experienced  Programmer/Ana¬ 
lysts  for  Inter/Intranet  e-commerce 
applications  using  Java,  Jdevel- 
oper,  Oracle  8i,  JSP,  UML, 
Servelets,  JavaScript,  Delphi, 
Oracle  IAS  server.  Developer  & 
Designer  2000,  Sun  Solaris  and 
Windows  NT/2000  Requires 
atleast  4  yrs  of  experience  in 
above  skills  with  a  minimum  of 
one  year  in  Healthcare  Systems. 
Must  Have  a  Bachelor's  degree 
in  Computer  Science  or 
Engineering  .Send  resume  to 
Computer  Assoc,  of  USA,  Inc. 
7157  E.  M78,  East  Lansing,  Ml 
48823" 


Concio  Corp.  HQ  in  Santa  Clara, 
CA  seeking:  SW  Enggs,  Program. 
Anal.  Tech  Supp.  Special.  MS/ 
BS  or  equiv.  and/or  rel  wk  exp. 
Must  be  willing  to  travel  &  rel.  as 
reqd.  Mail  res,  ref  &  salary  req: 
Concio  Corp,  Sheela  Kotak, 
3130  Coronado  Dr.,  Santa 
Clara,  CA  95054. 


HNC  Software  is  currently 
recruiting  for  the  following  position: 

Software  Consultant/Sr  Software 
Consultant:  Development  role  w/ 
primary  focus  on  implementation 
tasks;  architect  &  implement 
specific  product  rule  projects; 
troubleshoot  application,  database 
&  network  connectivity  problems; 
work  w/  relational  databases, 
programming,  &  object  oriented 
analysis.  Jobsite:  Texas.  Reqs. 
B.S.Eng.,  CS  or  related 

To  apply,  please  send  your 
resume  to  mp@hnc.com,  fax: 
858-799-2800  or  mail:  5935 
Cornerstone  Ct  West,  San 
Diego,  CA  92121. 
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Cellular  Carriers,  DOD 
Debate  Spectrum  Needs 

Neither  side  gives  ground  at  government 
summit  held  to  resolve  contentious  issues 


BY  BOB  BREWIN 

WASHINGTON 

HE  U.S.  PENTAGON 
would  consider 
sharing  its  portion 
of  the  radio-fre¬ 
quency  spectrum 
with  commercial  wireless  oper¬ 
ators  —  if  those  companies  as¬ 
sume  liability  for  any  problems 
that  result,  including  the  possi¬ 
bility  of  a  test  missile  going 
astray  and  hitting  a  populated 
area  because  of  interference. 

That’s  one  scenario  outlined 
last  week  by  John  Stenbit,  assis¬ 
tant  secretary  of  Defense  for 
command,  control,  communica¬ 
tions  and  intelligence,  at  a  Spec¬ 
trum  Summit  sponsored  by  the 
Department  of  Commerce. 

A  Commerce  Department 
agency,  the  National  Telecom¬ 
munications  and  Information 
Administration  (NTIA),  man- 


Correction 

A  story  in  the  April  1  issue  ("Law¬ 
suits  Highlight  PayPal's  Growing 
Pains")  incorrectly  stated  that 
Palo  Alto,  Calif.-based  online 
payment  processor  PayPal  Inc. 
doesn’t  have  a  telephone  sup¬ 
port  line  for  free  account  holders 
and  mischaracterized  a  class-ac¬ 
tion  lawsuit  against  the  compa¬ 
ny.  PayPal  offers  a  toll  phone  line 
for  those  customers,  but  the  suit 
charges  that  the  number  is  hard 
to  find  and  subjects  users  to  long 
waits  and  frequent  hang-ups. 

The  story  also  misstated  Pay¬ 
Pal’s  payment  processing  vol¬ 
ume,  which  totals  about  $10  mil¬ 
lion  per  day. 


ages  portions  of  the  radio-fre¬ 
quency  band  licensed  to  feder¬ 
al  users,  including  the  Depart¬ 
ment  of  Defense  (DOD). 
Stenbit’s  extreme  example 
shows  the  sorts  of  difficult 
choices  commercial,  federal 
and  public  safety  users  face  as 
they  vie  for  a  piece  of  invisible, 
but  increasingly  valuable, 
spectrum  real  estate. 

In  a  keynote  speech,  Secre¬ 
tary  of  Commerce  Donald 
Evans  warned,  “Today,  more 
than  ever,  we  are  conscious  of 
the  importance  of  spectrum- 
related  technology  [for]  our 


Continued  from  page  1 

IBM  License 

and  software  configuration,” 
said  Lillian  Cooper,  president 
of  Share  Inc.,  a  large-systems 
user  group  in  Chicago.  “Com¬ 
panies  will  have  to  evaluate 
whether  the  software  savings 
opportunity,  in  the  face  of  ris¬ 
ing  software  costs,  is  worth  the 
extra  effort,”  she  added. 

IBM  didn’t  respond  to  re¬ 
peated  requests  for  comment. 

According  to  Cooper,  more¬ 
over,  IBM’s  decision  to  delay  a 
license  management  and  com¬ 
pliance  technology  called  IBM 
License  Manager  —  which  was 
supposed  to  have  become 
available  last  fall  —  was  due  to 
user  requests  for  changes  in 
that  technology.  But  the 
interim  manual  reporting  im¬ 
plementation  makes  WLC 
harder  to  manage,  Cooper  said. 

IBM  introduced  its  variable 


national  defense  and  home¬ 
land  security.” 

Evans  and  Federal  Commu¬ 
nications  Commission  Chair¬ 
man  Michael  Powell  both  said 
they  view  the  summit  as  a  first 
step  in  resolving  contentious 
spectrum  issues.  But,  aside 
from  agreeing  that  the  FCC, 
NTIA  and  Congress  have  cre¬ 
ated  a  bureaucratic  morass  of 
regulations  and  oversight  that 
impede  progress,  top-level 
participants  from  industry  and 
government  at  a  panel  discus¬ 
sion  agreed  on  little  else. 

For  example,  the  cellular 
telephone  industry,  which  has 
130  million  subscribers,  needs 
additional  spectrum  to  support 
both  voice  operations  and 
high-speed  data  services,  ac- 


WLC  in  October  2000  along 
with  its  64-bit  zSeries  main¬ 
frames.  WLC  basically  allows 
users  to  pay  for  mainframe 
software  based  on  the  expect¬ 
ed  average  size  of  their  work¬ 
loads  and  not  on  the  overall  ca¬ 
pacity  of  their  systems. 

Keen  Understanding  Required 

If  implemented  correctly, 
the  model  can  yield  “very  sub¬ 
stantial”  cost  savings  over  tra¬ 
ditional  capacity  models,  said 
Dan  Kaberon,  parallel  sysplex 
manager  at  Hewitt  Associates 
LLC  in  Lincolnshire,  Ill. 

“But  one  has  to  have  a  clear 
understanding  of  the  peaks 
and  valleys  of  workload  de¬ 
mand,”  he  noted.  Hewitt  has 
purchased  several  of  IBM’s 
zSeries  mainframes  and  has 
switched  all  of  its  software  to 
the  new  model,  but  Kaberon 
declined  to  specify  how  much 
Hewitt  has  saved. 

Doing  proper  software  ca¬ 
pacity  planning  is  crucial  to 


cording  to  John  Stanton,  chair¬ 
man  of  Bellevue,  Wash.-based 
VoiceStream  Wireless  Corp. 

Cellular  carriers  have  eyed 
portions  of  the  spectrum  used 
by  the  DOD  for  years  and  have 
lobbied  either  to  share  it  or  ac¬ 
quire  portions  of  the  band¬ 
width  in  an  outright  auction. 

An  auction  of  the  DOD  spec¬ 
trum  would  require  Defense 
officials  to  move  complex  sys¬ 
tems  to  new  frequencies, 
which  in  turn  would  require 
new  wireless  communications 
systems  costing  hundreds  of 
millions  of  dollars. 

The  cellular  industry  has 
proposed  an  auction  process 
that  would  include  money  to 
cover  the  DOD’s  expenses,  but 
Stenbit  said  that  approach  was 


taking  advantage  of  WLC,  said 
David  Ochroch,  an  analyst  at 
Reiner  Associates  Inc.,  a  San 
Francisco-based  contract  man¬ 
agement  consulting  firm. 

Under  WLC,  users  can  de¬ 
fine  the  system  capacity  they 
need  for  a  particular  workload 
and  pay  software  fees  only  for 
that  defined  capacity.  The  ap¬ 
proach  is  far  more  equitable 
than  previous  capacity  models, 
in  which  users  paid  for  soft¬ 
ware  based  on  the  overall  size 
of  the  system.  The  larger  the 
box,  the  higher  the  software 
cost,  irrespective  of  actual  use, 
Ochroch  said. 

However,  if  the  average 
workload  —  measured  over  a 
four-hour  period  under  WLC 
—  exceeds  the  licensed  capaci¬ 
ty,  the  result  can  be  perfor¬ 
mance  degradations  and  addi¬ 
tional  software  bills,  warned 
Pat  Ciacala,  president  of 
Ciacala  &  Associates  LLC,  a 
Hoboken,  N.J.-based  contract 
management  consultancy. 


an  “untenable  risk.”  The  FCC 
has  delayed  any  such  auction 
until  at  least  2004. 

Commercial  carriers  aren’t 
the  only  ones  seeking  spec¬ 
trum  space.  Electric,  gas  and 
water  utilities  use  their  slice  of 
the  spectrum  band  to  monitor 
and  control  wide-ranging  pow¬ 
er  networks,  gas  pipelines  and 
water  systems.  They  also  use 
specific  frequencies  to  dis¬ 
patch  repair  crews  —  and  they 
need  more  spectrum,  accord¬ 
ing  to  William  Moroney,  chair¬ 
man  of  the  Washington-based 
United  Telecom  Council,  a 
utility  industry  telecommuni¬ 
cations  trade  group. 

Powell  said  the  FCC  needs  to 
make  “greater  use  of  market 
mechanisms”  to  allocate  the 
spectrum. 

However,  Michael  Duffy,  di¬ 
rector  of  telecommunication 
services  at  the  U.S.  Depart¬ 
ment  of  Justice,  said  price  tags 
can’t  be  pinned  on  spectrum 
frequencies  because  they  “sup¬ 
port  things  society  demands, 
such  as  public  safety.”  ► 


Also,  not  all  users  are  likely 
to  benefit  from  WLC  as  it  cur¬ 
rently  exists,  said  Al  Sherkow, 
president  of  I/S  Management 
Strategies  Ltd.  in  Whitefish 
Bay,  Wis.  For  instance,  there 
are  many  cases  where  the  sum 
of  the  defined  capacities  li¬ 
censed  by  a  company  could  ex¬ 
ceed  the  capacity  of  a  system. 

Similarly,  a  usage-based  li¬ 
censing  option  available  on  sev¬ 
eral  crucial  pieces  of  IBM  soft¬ 
ware,  such  as  DB2,  IMS,  CICS 
and  MQSeries,  isn’t  available 
under  WLC,  analysts  said. 

To  take  advantage  of  the  fi¬ 
nancial  incentives  offered  by 
WLC,  users  need  to  under¬ 
stand  which  software  is  active 
in  each  system  image  and  the 
capacities  required  to  run  the 
software  on  these  images, 
Cooper  said.  Users  must  use 
that  information  to  plan  image 
capacities  and  software  de¬ 
ployment  on  those  images  and 
then  implement  the  plan,  she 
explained.  ► 
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Fair  Is  Fair 


HERE’S  WHY  MICROSOFT  IS  A  LAUGHINGSTOCK 
when  it  comes  to  security:  Last  week,  security  re¬ 
searcher  Georgi  Guninski  announced  that  he  had 
found  two  more  holes  in  Microsoft’s  Office  XP.  Gun¬ 
inski  actually  found  the  holes  in  mid-March  and  noti¬ 
fied  Microsoft  on  March  17.  After  two  weeks  passed  without  Micro¬ 
soft  issuing  a  patch  or  work-around,  Guninski  went  public. 

Microsoft’s  response?  A  belated  work-around  for  one  of  the  secu¬ 
rity  holes  and  a  complaint  that  Guninski  had  gone  public  “before 


we’ve  had  a  fair  chance  to  investigate.” 

Fair?  Fair?!?  Wait,  it  gets  better:  Microsoft’s 
official  statement  went  on  to  say  that  Guninski’s 
report  “may  put  our  customers  at  risk. . . .  Re¬ 
sponsible  security  researchers  work  with  the 
vendor  of  a  suspected  vulnerability  issue  to  en¬ 
sure  that  countermeasures  are  developed  before 
the  issue  is  made  public  and  customers  are 
needlessly  put  at  risk.” 

That’s  pathetic.  It’s  laughable.  Those  security 
holes  are  in  Office  XP  because  that’s  how  Micro¬ 
soft  shipped  the  product.  The  company  has  been 
shipping  products  for  years  that  are  badly  de¬ 
signed  and  poorly  tested  from  a  security  stand¬ 
point.  And  Microsoft  refuses  to  stop  shipping 
products  it  knows  are  faulty. 

Microsoft  is  also  a  notorious  foot-dragger 
when  it  comes  to  admitting  security  vulnerabil¬ 
ities  and  issuing  patches  and  work-arounds. 

And  when  the  company  does  issue  a  security 
patch,  far  too  often  the  patch  ends  up  breaking 
something  else  —  or  worse,  it  opens  a  new 
security  hole. 

That’s  what’s  neither  fair  nor  responsible. 
That’s  what  puts  Microsoft’s  customers  need¬ 
lessly  at  risk.  Nobody  else  created  this  situation. 
Microsoft  made  this  mess.  And  all  the  finger¬ 
pointing  is  just  cheating  Microsoft’s 
customers. 

Let’s  cut  to  the  chase  here:  So  far, 

Microsoft’s  big  security  initiative  — 
called  “Trustworthy  Computing”  — 
has  been  a  joke.  It’s  produced  noth¬ 
ing  but  hot  air  and  hand-waving.  And 
that’s  all  we’ll  get  unless  somebody 
in  Redmond  throws  some  real  mon¬ 
ey  and  real  clout  at  making  Micro¬ 
soft  products  more  secure. 

How?  Microsoft  could  start  by 
creating  SWAT  teams  that  treat  a 
security  hole  as  a  crisis  that  poses 
an  immediate  threat  to  customers, 


not  just  an  annoying  public  relations  embarrass¬ 
ment.  Teams  that  can  produce  work-arounds  to 
a  security  hole  in  hours  or  days,  not  weeks  or 
months.  Teams  that  get  the  resources  they  need 
to  define  fixes  properly  and  test  patches  thor¬ 
oughly  —  and  quickly. 

Then  Microsoft  could  begin  finding  security 
holes  on  its  own,  instead  of  waiting  for  those 
horribly  “unfair”  outside  security  researchers  to 
do  it.  That  means  creating  a  new  class  of  soft¬ 
ware  testers  at  Microsoft  —  testers  whose  goal 
is  to  break  Microsoft  products  in  any  way  possi¬ 
ble,  to  find  all  the  design  flaws  and  coding  er¬ 
rors  that  make  the  software  vulnerable,  whether 
they  were  in  the  specification  or  not. 

Those  code-busters  will  be  pariahs  among 
programmers  and  product  managers.  They’ll 
have  to  think  —  and  act  —  like  Microsoft’s 
worst  enemies,  attacking  products  from  every 
possible  angle  and  with  every  possible  tool. 

And  they’ll  have  to  keep  attacking,  even  after 
products  ship.  Especially  after  products  ship. 

But  their  efforts  to  uncover  holes  and  find 
problems  will  be  useless  unless  those  problems 
are  fixed.  Which  means  Microsoft  would  have 
to  give  them  a  boss  who  has  enough  clout  to 
stand  up  to  anyone  in  the  company  —  any  prod¬ 
uct  manager,  any  executive,  any 
Chief  Software  Architect  —  and  tell 
him  a  product  has  holes  and  must 
be  fixed  now,  and  damn  the  niceties 
and  the  shipping  schedule. 

Would  SWAT  teams  and  code¬ 
busters  and  a  Chief  Fix-It-Dammit! 
Officer  solve  all  of  Microsoft’s  secu¬ 
rity  problems?  Probably  not.  But 
with  a  real  investment  in  security, 
Microsoft  could  do  a  lot  less  whin¬ 
ing  about  “unfairness.” 

And  a  lot  fewer  people  would 
think  Microsoft’s  commitment  to 
security  is  a  joke.  ft 


frank  hayes.  Computer- 
world's  senior  news  colum¬ 
nist.  has  covered  IT  for  more 
than  20  years.  Contact  him  at  ■ 

frank_hayes@computerworld.com. 
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“THE  SEARCH  function  on  one 
of  my  Lotus  Notes  databases 
isn’t  working,”  user  messages 
help  desk  pilot  fish.  We  have 
many  Lotus  Notes  databases, 
fish  replies  -  which  one  isn’t 
working?  User  fires  back,  “When 
you  open  Lotus  Notes,  it  will  be 
the  database  on  the  left." 

BANKING  application  keeps 
losing  one  field  in  a  report.  Pilot 
fish  spends  a  week  trying  to  lo¬ 
cate  the  problem  and  finally  finds 
it:  “There’s  a  bad  2  bit  on  the 
backplane  of  the  processor,”  he 
tells  the  bank’s  president.  Furi¬ 
ous  president  calls  computer 
vendor’s  CEO  to  howl  that  it  took 
a  week  to  fix  this  problem  due  to 
"a  lousy  25-cent  part." 

MAINFRAME  channel  con¬ 
troller’s  indicator  lights  keep 
blinking  red  -  for  error.  At  5  a.m., 
after  10  hours  of  fruitless  trouble¬ 
shooting,  computer  engineer 
finally  strolls  into  the  command 
center  and  tells  IT  pilot  fish  he's 
fixed  all  the  red-light  errors. 
Flow'd  you  do  it?  fish  asks.  Says 


engineer,  “I  just  changed  them 
all  to  white  lights." 

* 

WHY  IS  the  wrong  day’s  backup 
tape  in  the  server?  boss  asks.  IT 
pilot  fish  points  out  that  the 
backup  system  hasn’t  worked  in 
two  years,  so  why  waste  time 
changing  tapes  every  day  for  a 
broken  backup  system?  Wrong, 
says  boss:  “Just  because  it 
doesn’t  work,  doesn’t  mean  we 
don’t  put  the  tapes  in  there.” 

NEW  IT  security  rules  at  this 
school  are  tight,  pilot  fish  re¬ 
ports.  Access  to  attendance  ap¬ 
plication  is  via  VPN  and  requires 
a  synchronous  key  generator, 
three  user  names  and  three 
passwords.  But  one  teacher 
finds  a  way  around  the  password 
hassles:  “Now  I  just  turn  my 
monitor  off  when  I  go  home." 

Flave  your  say:  sharky® 
computerworld.com.  You  get 

a  sharp  Shark  shirt  if  your  true 
tale  of  IT  life  sees  print  -  or  if  it 
shows  up  in  the  daily  feed  at 
computerworld.  com/sharky. 
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You're  an  IT  professional,  not  an  Internet  traffic  controller. 


Sick  of  saying  "no"  to  co-workers'  online  access  requests?  Let  Websense  Enterprise  Web  filtering  software  handle  your  Internet 
traffic  control  duties.  Our  customizable  features  save  time  and  headaches.  Whether  you  need  to  serve  50  or  50,000  users, 
manage  Internet  access  by  individual  or  group,  or  enable  surfing  at  lunch  or  after  hours,  Websense  gives  you  options. 

All  in  an  easy-to-install  and  implement  solution.  Get  the  Web  filtering  software  tested  and  trusted  by  more  than  half  the 
Fortune  500.  And  put  away  that  orange  vest  for  good. 


Stop  by  www.websense.com  today  for  your  free,  fully  functional  30-day  trial. 
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aele9/  JDeveloper 


“Oracle9/  JDeveloper  is  one  of  the 
most  responsive,  complete  and 
best  integrated  Java  development 
environments  that  we’ve  seen.” 

i^VEEK 

THE  ENTERPRISE  NEWS  WEEKLY 

“For  the  full  development,  debug¬ 
ging,  tuning,  and  development 
of.. .Java-based  applications  for 
complex  corporate  applications, 
I’ve  not  seen  better.” 

jAWPro 


“Oracle’s  goal  is  nothing  less  than 
providing  the  Java  developer  with 
a  single  soup-to-nuts  environment 
for  everything  from  UML 
modeling  to  J2EE  deployment.” 

.software 

development 


“JDeveloper  is  a  clear  winner.” 


MAGAZINE 


If  you  want  the  best  Java  integrated  development  environment, 

you  have  to  be  willing  to  spend  less. 
(Or  download  for  free,  but  don't  tell  anybody.) 


oracle.com/ad/jdev995 
or  call  1.800.633.1072 
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